
Hacked email communication, robbed account...


#1 Post by Motal »

Hello,

I can't go into much detail, but the point is that we fell for scammers who broke into (I'm not an expert in this area, I have no idea how) an email conversation, where the attackers also got to the invoices, whose billing details they then changed without anyone noticing. This is foreign trade, so the communication is fairly demanding, and we don't know on whose side the fault lies. Seznam.cz cannot provide access logs to anyone other than the police, so we are unable to find out whether someone broke into the account (but I rather think not). I'm posting the logs below and would be very glad if someone could help us. I will do the same from another computer once I get to it, in case it is infected as well.

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019
Ran by castk (administrator) on DESKTOP-RRVK21G (25-02-2019 17:44:20)
Running from C:\Users\castk\Desktop
Loaded Profiles: castk (Available Profiles: castk)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Seznam.cz, a.s. -> ) C:\Users\castk\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Seznam.cz, a.s. -> ) C:\Users\castk\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.People_10.1812.10232.0_x64__8wekyb3d8bbwe\PeopleApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1710568 2015-10-03] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] (Seznam.cz, a.s. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\castk\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\castk\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a987bf-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a987cc-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a9885b-0e67-11e9-9c38-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {fb9ad2f6-1fe6-11e9-9c3c-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-14] (Google LLC -> Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{528d69d2-9c14-4cd7-ac1a-71597671f0de}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7264eaaf-af60-4ffb-942e-5be3d4696a8a}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=29530
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {05A94019-40FF-4AC9-B631-73F6A71C2EBC} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {319667F4-3C11-4A92-B11C-5A41C20283C7} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {65F44C64-DBCF-4B93-80FF-7A41745A33F7} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {6AF9471A-B898-4790-A122-55CAB89847A0} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {6FC19A02-BECE-456C-9073-BE108DC2E158} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {9B5E7D24-CEEC-4654-BD4A-7325F2D58D36} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {B13237EA-B286-4AEB-97A3-FCFAE402BD46} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {B842F514-DCED-411D-A918-2FF34EC4501A} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {C02F0FDF-5C3B-40C5-851F-D9ACE83264A3} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_29530
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR NewTab: Default -> Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR Profile: C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default [2019-02-25]
CHR Extension: (Dokumenty) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-22]
CHR Extension: (Seznam doplněk - Email) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2019-02-15]
CHR Extension: (YouTube) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-22]
CHR Extension: (Vyhledávání Google) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-22]
CHR Extension: (Adobe Acrobat) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Tabulky) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2019-02-15]
CHR Extension: (Gmail) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] (Realtek Semiconductor Corp -> )
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-17] (Intel(R) Software -> Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-12-12] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [293344 2017-07-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-02-02] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-25] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-25] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
S3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [135992 2015-06-30] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-17] (Intel(R) Software -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel(R) Software -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [226560 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-25] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-02-25] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-02-25] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-25] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-02-25] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvlddmkm.sys [17003280 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-09] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-07-28] (Realtek Semiconductor Corp -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [724448 2017-07-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6907240 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-25 17:44 - 2019-02-25 17:45 - 000027113 _____ C:\Users\castk\Desktop\FRST.txt
2019-02-25 17:42 - 2019-02-25 17:44 - 000000000 ____D C:\FRST
2019-02-25 17:41 - 2019-02-25 17:42 - 002433536 _____ (Farbar) C:\Users\castk\Desktop\FRST64.exe
2019-02-25 17:20 - 2019-02-25 17:20 - 000000000 ____D C:\Users\castk\AppData\Local\mbam
2019-02-25 17:19 - 2019-02-25 17:19 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-25 17:19 - 2019-02-25 17:19 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-25 17:19 - 2019-02-25 17:19 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-25 17:19 - 2019-02-25 17:19 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-25 17:19 - 2019-02-25 17:19 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-25 17:19 - 2019-02-25 17:19 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-25 17:19 - 2019-02-25 17:19 - 000000000 ____D C:\Users\castk\AppData\Local\mbamtray
2019-02-25 17:19 - 2019-02-25 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-25 17:19 - 2019-02-25 17:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-25 17:19 - 2019-02-25 17:19 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-25 17:19 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-25 17:19 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-25 17:17 - 2019-02-25 17:17 - 062142808 _____ (Malwarebytes ) C:\Users\castk\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9412.exe
2019-02-15 07:51 - 2019-02-15 07:51 - 000020992 _____ C:\Users\castk\Downloads\file75.xls
2019-02-15 07:51 - 2019-02-15 07:51 - 000018432 _____ C:\Users\castk\Downloads\file73.xls
2019-02-15 07:50 - 2019-02-15 07:50 - 000027136 _____ C:\Users\castk\Downloads\file72.xls
2019-02-13 07:06 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 07:06 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 07:06 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 07:06 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 07:06 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 07:06 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 07:06 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 07:06 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 07:06 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 07:06 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 07:06 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 07:06 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 07:06 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 07:06 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 07:06 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 07:06 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 07:06 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 07:06 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 07:06 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 07:06 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 07:06 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 07:06 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 07:06 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 07:06 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 07:06 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 07:06 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 07:06 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 07:06 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 07:06 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 07:06 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 07:06 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 07:06 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 07:06 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 07:06 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 07:06 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 07:06 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 07:06 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 07:06 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 07:06 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 07:06 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 07:05 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 07:05 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 07:05 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 07:05 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 07:05 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 07:05 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 07:05 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 07:05 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 07:05 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 07:05 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 07:05 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 07:05 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 07:05 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 07:05 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 07:05 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 07:05 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 07:05 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 07:05 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 07:05 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 07:05 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 07:05 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 07:05 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 07:05 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 07:05 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 07:05 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 07:05 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 07:05 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 07:05 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 07:05 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 07:05 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 07:05 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 07:05 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 07:05 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 07:05 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 07:05 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 07:05 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 07:05 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 07:05 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 07:05 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 07:05 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 07:05 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 07:05 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 07:05 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 07:05 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 07:05 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 07:05 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 07:05 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 07:05 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 07:05 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 07:05 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 07:05 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 07:05 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 07:05 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 07:05 - 2019-02-06 02:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 07:05 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 07:05 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 07:05 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 07:05 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 07:05 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 07:05 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 07:05 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 07:05 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 07:05 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 07:05 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 07:05 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 07:05 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 07:05 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 07:05 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 07:05 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 07:05 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 07:05 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 07:05 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 07:05 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 07:05 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 07:05 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 07:05 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 07:05 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 07:05 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 07:05 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 07:05 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 07:05 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 07:05 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 07:05 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 07:05 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 07:05 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 07:05 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 07:05 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 07:05 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 07:05 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 07:05 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 07:05 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 07:05 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 07:05 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 07:05 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 07:05 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 07:05 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 07:05 - 2019-01-08 04:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-11 08:29 - 2019-02-11 08:33 - 000000000 ____D C:\Users\castk\Desktop\jerry foto
2019-01-27 14:01 - 2017-03-05 18:06 - 000000000 ____D C:\Users\castk\Downloads\Avicii_True_Album
2019-01-27 09:04 - 2019-01-27 09:04 - 000001066 _____ C:\Users\Public\Desktop\HiSuite.lnk
2019-01-27 09:04 - 2019-01-27 09:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2019-01-27 09:04 - 2019-01-27 09:04 - 000000000 ____D C:\Program Files (x86)\HiSuite
2019-01-27 09:04 - 2018-12-12 11:32 - 000287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2019-01-27 09:04 - 2018-12-12 11:32 - 000226560 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2019-01-27 09:04 - 2018-12-12 11:32 - 000127360 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_cdcacm.sys
2019-01-27 09:04 - 2018-12-12 11:32 - 000116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2019-01-27 09:04 - 2018-12-12 11:32 - 000018944 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbccgpfilter.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-25 17:45 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-25 17:31 - 2018-06-05 10:04 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{457C2059-146A-4336-9233-7976C45B48A8}
2019-02-25 17:19 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-25 17:11 - 2018-06-05 09:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-25 14:47 - 2018-06-05 10:04 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2019-02-25 14:47 - 2018-06-05 10:04 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2019-02-25 14:47 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-25 14:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-25 14:46 - 2017-01-16 20:22 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-25 14:45 - 2018-03-01 11:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-25 14:45 - 2016-12-04 15:46 - 000000000 ____D C:\Users\castk\AppData\Roaming\Seznam.cz
2019-02-25 14:41 - 2015-12-10 04:32 - 000000165 _____ C:\Users\castk\AppData\Roaming\sp_data.sys
2019-02-25 14:40 - 2015-12-10 04:32 - 000000000 __SHD C:\Users\castk\IntelGraphicsProfiles
2019-02-22 20:45 - 2017-05-22 10:24 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-22 15:59 - 2018-06-05 10:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-22 15:58 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-21 14:04 - 2017-01-03 16:05 - 000109670 _____ C:\Users\castk\Desktop\Pokladna.ods
2019-02-20 08:51 - 2018-10-04 13:11 - 000021392 _____ C:\Users\castk\Desktop\Kniha jízd-Galaxy 4SI.ods
2019-02-17 15:00 - 2018-06-05 10:00 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-17 15:00 - 2018-04-12 16:50 - 000717712 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-17 15:00 - 2018-04-12 16:50 - 000144954 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-17 15:00 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-15 07:30 - 2018-11-16 07:24 - 000000000 ____D C:\Program Files\rempl
2019-02-14 07:03 - 2018-06-05 10:04 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-14 06:57 - 2017-01-05 17:00 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-14 06:57 - 2017-01-05 17:00 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-14 06:48 - 2018-06-05 09:42 - 000311232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 07:13 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 07:05 - 2016-02-22 10:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 07:02 - 2016-02-22 10:29 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-11 06:57 - 2018-06-05 10:04 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1118852057-2493413303-2315907040-1001
2019-02-11 06:57 - 2018-06-05 09:48 - 000002440 _____ C:\Users\castk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-11 06:57 - 2015-12-10 04:36 - 000000000 ___RD C:\Users\castk\OneDrive
2019-02-08 12:10 - 2018-07-10 07:52 - 000000000 ____D C:\ProgramData\Packages
2019-02-05 10:49 - 2018-02-05 11:05 - 000000000 ____D C:\Users\castk\Desktop\FotoFiat měsíce
2019-02-05 09:58 - 2018-10-08 10:30 - 000019721 _____ C:\Users\castk\Desktop\práce USA.ods
2019-02-02 23:53 - 2018-11-15 06:49 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 23:53 - 2018-11-15 06:49 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-27 09:06 - 2017-01-20 11:15 - 000000000 ____D C:\Users\castk\AppData\Local\Hisuite

==================== Files in the root of some directories =======

2015-12-10 04:32 - 2019-02-25 14:41 - 000000165 _____ () C:\Users\castk\AppData\Roaming\sp_data.sys
2016-12-20 07:37 - 2016-12-20 07:37 - 000003584 _____ () C:\Users\castk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-05 09:42

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019
Ran by castk (25-02-2019 17:45:50)
Running from C:\Users\castk\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-06-05 09:05:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1118852057-2493413303-2315907040-500 - Administrator - Disabled)
castk (S-1-5-21-1118852057-2493413303-2315907040-1001 - Administrator - Enabled) => C:\Users\castk
DefaultAccount (S-1-5-21-1118852057-2493413303-2315907040-503 - Limited - Disabled)
Guest (S-1-5-21-1118852057-2493413303-2315907040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1118852057-2493413303-2315907040-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1118852057-2493413303-2315907040-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.93 - ICEpower a/s)
Balíček ovladače systému Windows - MediaTek Inc. (wdm_usb) Ports (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Gold Rush The Game (HKLM-x32\...\Gold Rush The Game_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.0.3.300 - Huawei Technologies Co.,Ltd)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
LenovoUsbDriver 1.1.33 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.33 - Lenovo)
LibreOffice 5.2.2.2 (HKLM-x32\...\{69751441-D5E0-4668-893F-CB797B082D09}) (Version: 5.2.2.2 - The Document Foundation)
Malwarebytes verze 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.57 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.57 - NVIDIA Corporation) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{E4FFCEE7-CF71-4346-8AF7-1A2CA7CFCF64}) (Version: 2.48.0 - The Pokémon Company International)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.875.080715 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7620 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0273 - REALTEK Semiconductor Corp.)
Roblox Player for castk (HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Roblox Studio for castk (HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
Seznam Software (HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.15.46 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.73909 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {106EC825-0642-48E6-A3C3-0E1D8312BCBD} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {1F032113-E94D-4FC2-868E-3701C15F63D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {3F0463C9-751C-4BC9-BBD6-965258D4D246} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4FE51165-5659-4F09-8043-E350967963BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {6C95D4EC-9779-42A9-8AE3-B1487020CF27} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {7CBA513F-2D76-4B17-92D2-D182D6D4790C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7DD3AFB9-3316-41DB-A0F8-CBF34FC59208} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) [File not signed]
Task: {813976B4-2CAA-4A41-A266-96817978637A} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe () [File not signed]
Task: {83B72C9E-9726-4C31-B0EC-9E9D061F169F} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe () [File not signed]
Task: {8A0633DD-0B3E-45C4-83EA-3876294D65E3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8FE95EEA-9857-4180-BBD6-DCE937B8C79D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A22265F6-E7E9-4395-A102-A74F3EDBAB8D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A2CAC6D7-596F-478E-AC70-B536CED235D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {AF7E7051-3CE0-41A5-B41C-4932AF0F5638} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {BC1CFC05-8912-48EA-8A09-0563E465A519} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe () [File not signed]
Task: {CFE39678-23AD-47A3-AD9E-15B75541B14D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {EE0F7878-FE31-40C1-BA7D-4E485A09EBE1} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {FDFB5ED4-9E1E-44CF-AB96-B6DFC5E6AF8B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-12-10 03:16 - 2015-10-03 03:23 - 001439184 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2018-12-12 11:32 - 2018-12-12 11:32 - 000190784 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2015-05-19 10:11 - 2015-05-19 10:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2015-08-25 10:40 - 2015-08-25 10:40 - 000055296 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
2015-12-10 03:17 - 2015-10-03 03:22 - 001710568 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\WINDOWS\system32\nvspcap64.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 001680384 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000178688 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
2016-08-01 09:35 - 2016-08-01 09:35 - 000435200 _____ (ASUSTek Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2013-04-27 09:24 - 2013-04-27 09:24 - 000071680 _____ () [File not signed] C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-02-25 17:19 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000086016 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000037888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\castk\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\z-knoblozky-342.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{01E77516-2934-47E9-801F-4CEF96A6307B}C:\program files\java\jre1.8.0_141\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_141\bin\javaw.exe
FirewallRules: [UDP Query User{842123C5-3452-4296-A47D-73D2D58A0615}C:\program files\java\jre1.8.0_141\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_141\bin\javaw.exe
FirewallRules: [TCP Query User{0B466669-2C49-4901-B78D-351356B31773}C:\users\castk\desktop\v1.05_raft_win64\v1.05_raft_win64.exe] => (Allow) C:\users\castk\desktop\v1.05_raft_win64\v1.05_raft_win64.exe No File
FirewallRules: [UDP Query User{F80880A2-16AF-44B4-A41D-3380AAFA6C4C}C:\users\castk\desktop\v1.05_raft_win64\v1.05_raft_win64.exe] => (Allow) C:\users\castk\desktop\v1.05_raft_win64\v1.05_raft_win64.exe No File
FirewallRules: [TCP Query User{5A565092-73E9-48E9-B74E-D55EDFF82FA0}C:\users\castk\desktop\subnautica.v45239\subnautica.exe] => (Block) C:\users\castk\desktop\subnautica.v45239\subnautica.exe No File
FirewallRules: [UDP Query User{9A34846B-B234-4999-AE11-A54C67501D4C}C:\users\castk\desktop\subnautica.v45239\subnautica.exe] => (Block) C:\users\castk\desktop\subnautica.v45239\subnautica.exe No File
FirewallRules: [{5140F8A6-12E8-47FF-B7FA-6E6D1A554103}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

11-02-2019 08:44:58 Naplánovaný kontrolní bod
15-02-2019 07:28:54 Windows Update
25-02-2019 16:02:22 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2019 09:02:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MessagingApplication.exe, verze: 4.1901.1901.24001, časové razítko: 0x5c4a5426
Název chybujícího modulu: twinapi.appcore.dll, verze: 10.0.17134.137, časové razítko: 0xb5d50228
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000009cad5
ID chybujícího procesu: 0x1f0c
Čas spuštění chybující aplikace: 0x01d4c8f291e1621a
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.10241.0_x64__8wekyb3d8bbwe\MessagingApplication.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
ID zprávy: 1d7519bd-ebac-439e-9be5-e7988a7bfe0b
Úplný název chybujícího balíčku: Microsoft.Messaging_4.1901.10241.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: x27e26f40ye031y48a6yb130yd1f20388991ax

Error: (02/17/2019 02:56:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WLANExt.exe, verze: 10.0.17134.1, časové razítko: 0x37c688c7
Název chybujícího modulu: ntdll.dll, verze: 10.0.17134.556, časové razítko: 0x74bed8b0
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000f479b
ID chybujícího procesu: 0xda0
Čas spuštění chybující aplikace: 0x01d4c6c848b0e14a
Cesta k chybující aplikaci: C:\WINDOWS\system32\WLANExt.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 2949b524-4710-4ab8-a889-7f14235e307e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/17/2019 02:55:38 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-RRVK21G$ přes https://INTC-KeyId-5e73c89aa3e902b272b9 ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(12485ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/15/2019 08:25:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Video.UI.exe verze 10.19011.1131.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 20b8

Čas spuštění: 01d4c4f23202791c

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe

ID hlášení: c942e837-3ef8-462f-8a1e-f77ca5324ed9

Úplný název balíčku s chybou: Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe

ID aplikace související s balíčkem s chybou: Microsoft.ZuneVideo

Error: (02/15/2019 08:25:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program ShellExperienceHost.exe verze 10.0.17134.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 2fe8

Čas spuštění: 01d4c4f22996b870

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

ID hlášení: 52012d05-ae91-47f4-b7da-5872273a504a

Úplný název balíčku s chybou: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy

ID aplikace související s balíčkem s chybou: App

Error: (02/14/2019 04:10:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_UserDataSvc, verze: 10.0.17134.556, časové razítko: 0xf23cada5
Název chybujícího modulu: ntdll.dll, verze: 10.0.17134.556, časové razítko: 0x74bed8b0
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000d5a1
ID chybujícího procesu: 0x1e00
Čas spuštění chybující aplikace: 0x01d4c42910afdfea
Cesta k chybující aplikaci: c:\windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: a8934527-fdc3-4d7c-9635-09072040deb9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/27/2019 08:49:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.17134.165 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 24d0

Čas spuštění: 01d4b61485392c64

Čas ukončení: 20

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: 90fb239c-37c8-49b4-8d8a-d2dbcf345082

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (01/21/2019 02:18:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ShellExperienceHost.exe, verze: 10.0.17134.1, časové razítko: 0x5ace103a
Název chybujícího modulu: igd10iumd64.dll, verze: 21.20.16.4550, časové razítko: 0x58261950
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000007d100
ID chybujícího procesu: 0x2010
Čas spuštění chybující aplikace: 0x01d4b14c159abfe6
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igd10iumd64.dll
ID zprávy: 6379cb5b-ffea-4c01-9d53-757879da592b
Úplný název chybujícího balíčku: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: App


System errors:
=============
Error: (02/25/2019 05:30:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RRVK21G)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-RRVK21G\castk (SID: S-1-5-21-1118852057-2493413303-2315907040-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/25/2019 02:57:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/25/2019 02:44:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/25/2019 02:43:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/25/2019 02:41:03 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RRVK21G)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-RRVK21G\castk (SID: S-1-5-21-1118852057-2493413303-2315907040-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/25/2019 02:40:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/25/2019 02:40:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/25/2019 02:39:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-02-17 15:28:42.313
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {2CE21546-B453-4AFA-AE78-6C44E344E022}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-28 12:04:46.220
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {DE5503DC-69D5-4021-96A5-0DFD5AC83357}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-21 08:16:37.963
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {477B4E01-7282-4E05-A543-7209B0A62B29}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-21 07:55:05.744
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {92A8AA67-9585-41C0-936C-53E87928F42E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-21 07:43:01.309
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {059BDAB4-4DBC-4953-B2FD-1BEDFF770484}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-12-10 07:04:20.601
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.281.1443.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2019-02-25 17:24:19.782
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.711
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.706
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.700
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.695
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.691
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.686
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.681
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 54%
Total physical RAM: 8090.93 MB
Available physical RAM: 3714.84 MB
Total Virtual: 9370.93 MB
Available Virtual: 4444.42 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:60.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:546.33 GB) NTFS

\\?\Volume{94f526ab-5dd6-44a0-aff3-81008b54fbd1}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{d6db3a29-60f8-4499-b363-1cedfb181102}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9B5BC89E)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Hacked email communication, emptied account...

#2 Post by Rudy »

Hello!
First of all, change the passwords that the problem concerns. Then run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree (Souhlasím)
right-click the AdwCleaner icon and choose Run as administrator (Spustit jako správce); on Win XP just start it with a normal double-click
click Scan now (Skenovat nyní), then Clean and Repair (Čištění a opravy)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Motal
Visitor
Posts: 22
Registered: 14 Apr 2009 12:26

Re: Hacked email communication, emptied account...

#3 Post by Motal »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-25-2019
# Duration: 00:00:10
# OS: Windows 10 Home
# Cleaned: 14
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}
Deleted C:\Program Files (x86)\Seznam.cz
Not Deleted C:\Users\castk\AppData\Roaming\Seznam.cz
Deleted C:\ProgramData\Solvusoft
Deleted C:\Users\castk\AppData\Roaming\Solvusoft

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.autoupdate
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Email
Deleted Seznam doplněk - Esko

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2438 octets] - [25/02/2019 23:14:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Hacked email communication, emptied account...

#4 Post by Rudy »

Post new FRST+Addition logs.

Motal
Visitor
Posts: 22
Registered: 14 Apr 2009 12:26

Re: Hacked email communication, emptied account...

#5 Post by Motal »

Thanks a lot. I haven't gotten to the second PC yet; I've been busy with work.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01
Ran by castk (administrator) on DESKTOP-RRVK21G (26-02-2019 18:42:21)
Running from C:\Users\castk\Desktop
Loaded Profiles: castk & (Available Profiles: castk)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1710568 2015-10-03] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840038\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840242\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a987bf-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a987cc-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a9885b-0e67-11e9-9c38-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {fb9ad2f6-1fe6-11e9-9c3c-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a987bf-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a987cc-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a9885b-0e67-11e9-9c38-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {fb9ad2f6-1fe6-11e9-9c3c-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{528d69d2-9c14-4cd7-ac1a-71597671f0de}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7264eaaf-af60-4ffb-942e-5be3d4696a8a}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=29530
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=29530
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {05A94019-40FF-4AC9-B631-73F6A71C2EBC} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {319667F4-3C11-4A92-B11C-5A41C20283C7} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {65F44C64-DBCF-4B93-80FF-7A41745A33F7} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {6AF9471A-B898-4790-A122-55CAB89847A0} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {6FC19A02-BECE-456C-9073-BE108DC2E158} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {9B5E7D24-CEEC-4654-BD4A-7325F2D58D36} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {B13237EA-B286-4AEB-97A3-FCFAE402BD46} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {B842F514-DCED-411D-A918-2FF34EC4501A} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {C02F0FDF-5C3B-40C5-851F-D9ACE83264A3} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {05A94019-40FF-4AC9-B631-73F6A71C2EBC} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {319667F4-3C11-4A92-B11C-5A41C20283C7} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {65F44C64-DBCF-4B93-80FF-7A41745A33F7} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {6AF9471A-B898-4790-A122-55CAB89847A0} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {6FC19A02-BECE-456C-9073-BE108DC2E158} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {9B5E7D24-CEEC-4654-BD4A-7325F2D58D36} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {B13237EA-B286-4AEB-97A3-FCFAE402BD46} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {B842F514-DCED-411D-A918-2FF34EC4501A} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_29530
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {C02F0FDF-5C3B-40C5-851F-D9ACE83264A3} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_29530
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Profile: C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default [2019-02-25]
CHR Extension: (Dokumenty) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-22]
CHR Extension: (YouTube) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-22]
CHR Extension: (Vyhledávání Google) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-22]
CHR Extension: (Adobe Acrobat) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Tabulky) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] (Realtek Semiconductor Corp -> )
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-17] (Intel(R) Software -> Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-12-12] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [293344 2017-07-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-02-02] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-25] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-25] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
S3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [135992 2015-06-30] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-17] (Intel(R) Software -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel(R) Software -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [226560 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-25] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-02-25] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-02-25] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-25] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-02-25] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvlddmkm.sys [17003280 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-09] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-07-28] (Realtek Semiconductor Corp -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [724448 2017-07-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6907240 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-26 18:42 - 2019-02-26 18:42 - 000000000 ____D C:\Users\castk\Desktop\FRST-OlderVersion
2019-02-25 23:17 - 2019-02-25 23:17 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-25 23:17 - 2019-02-25 23:17 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-25 23:17 - 2019-02-25 23:17 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-25 23:17 - 2019-02-25 23:17 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-25 23:13 - 2019-02-25 23:15 - 000000000 ____D C:\AdwCleaner
2019-02-25 23:13 - 2019-02-25 23:13 - 007316688 _____ (Malwarebytes) C:\Users\castk\Downloads\adwcleaner_7.2.7.0.exe
2019-02-25 17:44 - 2019-02-26 18:44 - 000027233 _____ C:\Users\castk\Desktop\FRST.txt
2019-02-25 17:42 - 2019-02-26 18:42 - 000000000 ____D C:\FRST
2019-02-25 17:41 - 2019-02-26 18:42 - 002433536 _____ (Farbar) C:\Users\castk\Desktop\FRST64.exe
2019-02-25 17:20 - 2019-02-25 17:20 - 000000000 ____D C:\Users\castk\AppData\Local\mbam
2019-02-25 17:19 - 2019-02-25 17:19 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-25 17:19 - 2019-02-25 17:19 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-25 17:19 - 2019-02-25 17:19 - 000000000 ____D C:\Users\castk\AppData\Local\mbamtray
2019-02-25 17:19 - 2019-02-25 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-25 17:19 - 2019-02-25 17:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-25 17:19 - 2019-02-25 17:19 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-25 17:19 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-25 17:19 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-25 17:17 - 2019-02-25 17:17 - 062142808 _____ (Malwarebytes ) C:\Users\castk\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9412.exe
2019-02-15 07:51 - 2019-02-15 07:51 - 000020992 _____ C:\Users\castk\Downloads\file75.xls
2019-02-15 07:51 - 2019-02-15 07:51 - 000018432 _____ C:\Users\castk\Downloads\file73.xls
2019-02-15 07:50 - 2019-02-15 07:50 - 000027136 _____ C:\Users\castk\Downloads\file72.xls
2019-02-13 07:06 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 07:06 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 07:06 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 07:06 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 07:06 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 07:06 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 07:06 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 07:06 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 07:06 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 07:06 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 07:06 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 07:06 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 07:06 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 07:06 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 07:06 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 07:06 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 07:06 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 07:06 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 07:06 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 07:06 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 07:06 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 07:06 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 07:06 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 07:06 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 07:06 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 07:06 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 07:06 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 07:06 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 07:06 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 07:06 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 07:06 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 07:06 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 07:06 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 07:06 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 07:06 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 07:06 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 07:06 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 07:06 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 07:06 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 07:06 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 07:05 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 07:05 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 07:05 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 07:05 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 07:05 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 07:05 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 07:05 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 07:05 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 07:05 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 07:05 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 07:05 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 07:05 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 07:05 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 07:05 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 07:05 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 07:05 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 07:05 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 07:05 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 07:05 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 07:05 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 07:05 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 07:05 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 07:05 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 07:05 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 07:05 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 07:05 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 07:05 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 07:05 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 07:05 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 07:05 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 07:05 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 07:05 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 07:05 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 07:05 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 07:05 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 07:05 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 07:05 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 07:05 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 07:05 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 07:05 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 07:05 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 07:05 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 07:05 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 07:05 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 07:05 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 07:05 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 07:05 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 07:05 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 07:05 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 07:05 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 07:05 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 07:05 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 07:05 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 07:05 - 2019-02-06 02:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 07:05 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 07:05 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 07:05 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 07:05 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 07:05 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 07:05 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 07:05 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 07:05 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 07:05 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 07:05 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 07:05 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 07:05 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 07:05 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 07:05 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 07:05 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 07:05 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 07:05 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 07:05 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 07:05 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 07:05 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 07:05 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 07:05 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 07:05 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 07:05 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 07:05 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 07:05 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 07:05 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 07:05 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 07:05 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 07:05 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 07:05 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 07:05 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 07:05 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 07:05 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 07:05 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 07:05 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 07:05 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 07:05 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 07:05 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 07:05 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 07:05 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 07:05 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 07:05 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 07:05 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 07:05 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 07:05 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 07:05 - 2019-01-08 04:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-11 08:29 - 2019-02-11 08:33 - 000000000 ____D C:\Users\castk\Desktop\jerry foto
2019-01-27 14:01 - 2017-03-05 18:06 - 000000000 ____D C:\Users\castk\Downloads\Avicii_True_Album
2019-01-27 09:04 - 2019-01-27 09:04 - 000001066 _____ C:\Users\Public\Desktop\HiSuite.lnk
2019-01-27 09:04 - 2019-01-27 09:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2019-01-27 09:04 - 2019-01-27 09:04 - 000000000 ____D C:\Program Files (x86)\HiSuite
2019-01-27 09:04 - 2018-12-12 11:32 - 000287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2019-01-27 09:04 - 2018-12-12 11:32 - 000226560 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2019-01-27 09:04 - 2018-12-12 11:32 - 000127360 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_cdcacm.sys
2019-01-27 09:04 - 2018-12-12 11:32 - 000116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2019-01-27 09:04 - 2018-12-12 11:32 - 000018944 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbccgpfilter.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-26 18:44 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-26 18:44 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-26 18:39 - 2015-12-10 04:32 - 000000165 _____ C:\Users\castk\AppData\Roaming\sp_data.sys
2019-02-26 18:37 - 2015-12-10 04:32 - 000000000 __SHD C:\Users\castk\IntelGraphicsProfiles
2019-02-25 23:21 - 2017-05-22 10:24 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-25 23:18 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-25 23:16 - 2018-06-05 10:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-25 23:16 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-25 23:15 - 2017-01-05 17:00 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-25 23:15 - 2017-01-05 17:00 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-25 23:14 - 2018-06-05 10:04 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{457C2059-146A-4336-9233-7976C45B48A8}
2019-02-25 17:19 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-25 17:11 - 2018-06-05 09:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-25 14:47 - 2018-06-05 10:04 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2019-02-25 14:47 - 2018-06-05 10:04 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2019-02-25 14:46 - 2017-01-16 20:22 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-25 14:45 - 2018-03-01 11:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-25 14:45 - 2016-12-04 15:46 - 000000000 ____D C:\Users\castk\AppData\Roaming\Seznam.cz
2019-02-21 14:04 - 2017-01-03 16:05 - 000109670 _____ C:\Users\castk\Desktop\Pokladna.ods
2019-02-20 08:51 - 2018-10-04 13:11 - 000021392 _____ C:\Users\castk\Desktop\Kniha jízd-Galaxy 4SI.ods
2019-02-17 15:00 - 2018-06-05 10:00 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-17 15:00 - 2018-04-12 16:50 - 000717712 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-17 15:00 - 2018-04-12 16:50 - 000144954 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-17 15:00 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-15 07:30 - 2018-11-16 07:24 - 000000000 ____D C:\Program Files\rempl
2019-02-14 07:03 - 2018-06-05 10:04 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-14 06:48 - 2018-06-05 09:42 - 000311232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 16:09 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 07:13 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 07:05 - 2016-02-22 10:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 07:02 - 2016-02-22 10:29 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-11 06:57 - 2018-06-05 10:04 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1118852057-2493413303-2315907040-1001
2019-02-11 06:57 - 2018-06-05 09:48 - 000002440 _____ C:\Users\castk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-11 06:57 - 2015-12-10 04:36 - 000000000 ___RD C:\Users\castk\OneDrive
2019-02-08 12:10 - 2018-07-10 07:52 - 000000000 ____D C:\ProgramData\Packages
2019-02-05 10:49 - 2018-02-05 11:05 - 000000000 ____D C:\Users\castk\Desktop\FotoFiat měsíce
2019-02-05 09:58 - 2018-10-08 10:30 - 000019721 _____ C:\Users\castk\Desktop\práce USA.ods
2019-02-02 23:53 - 2018-11-15 06:49 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 23:53 - 2018-11-15 06:49 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-27 09:06 - 2017-01-20 11:15 - 000000000 ____D C:\Users\castk\AppData\Local\Hisuite

==================== Files in the root of some directories =======

2015-12-10 04:32 - 2019-02-26 18:39 - 000000165 _____ () C:\Users\castk\AppData\Roaming\sp_data.sys
2016-12-20 07:37 - 2016-12-20 07:37 - 000003584 _____ () C:\Users\castk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-05 09:42

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01
Ran by castk (26-02-2019 18:45:47)
Running from C:\Users\castk\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-06-05 09:05:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1118852057-2493413303-2315907040-500 - Administrator - Disabled)
castk (S-1-5-21-1118852057-2493413303-2315907040-1001 - Administrator - Enabled) => C:\Users\castk
DefaultAccount (S-1-5-21-1118852057-2493413303-2315907040-503 - Limited - Disabled)
Guest (S-1-5-21-1118852057-2493413303-2315907040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1118852057-2493413303-2315907040-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1118852057-2493413303-2315907040-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.93 - ICEpower a/s)
Balíček ovladače systému Windows - MediaTek Inc. (wdm_usb) Ports (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Gold Rush The Game (HKLM-x32\...\Gold Rush The Game_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.0.3.300 - Huawei Technologies Co.,Ltd)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
LenovoUsbDriver 1.1.33 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.33 - Lenovo)
LibreOffice 5.2.2.2 (HKLM-x32\...\{69751441-D5E0-4668-893F-CB797B082D09}) (Version: 5.2.2.2 - The Document Foundation)
Malwarebytes verze 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.57 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.57 - NVIDIA Corporation) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{E4FFCEE7-CF71-4346-8AF7-1A2CA7CFCF64}) (Version: 2.48.0 - The Pokémon Company International)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.875.080715 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7620 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0273 - REALTEK Semiconductor Corp.)
Roblox Player for castk (HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Roblox Player for castk (HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Roblox Studio for castk (HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
Roblox Studio for castk (HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.15.46 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.73909 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {106EC825-0642-48E6-A3C3-0E1D8312BCBD} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {1F032113-E94D-4FC2-868E-3701C15F63D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {3F0463C9-751C-4BC9-BBD6-965258D4D246} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4FE51165-5659-4F09-8043-E350967963BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {6C95D4EC-9779-42A9-8AE3-B1487020CF27} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {7CBA513F-2D76-4B17-92D2-D182D6D4790C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7DD3AFB9-3316-41DB-A0F8-CBF34FC59208} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) [File not signed]
Task: {813976B4-2CAA-4A41-A266-96817978637A} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe () [File not signed]
Task: {83B72C9E-9726-4C31-B0EC-9E9D061F169F} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe () [File not signed]
Task: {8A0633DD-0B3E-45C4-83EA-3876294D65E3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8FE95EEA-9857-4180-BBD6-DCE937B8C79D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A22265F6-E7E9-4395-A102-A74F3EDBAB8D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A2CAC6D7-596F-478E-AC70-B536CED235D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {AF7E7051-3CE0-41A5-B41C-4932AF0F5638} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {BC1CFC05-8912-48EA-8A09-0563E465A519} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe () [File not signed]
Task: {CFE39678-23AD-47A3-AD9E-15B75541B14D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {EE0F7878-FE31-40C1-BA7D-4E485A09EBE1} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {FDFB5ED4-9E1E-44CF-AB96-B6DFC5E6AF8B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-05-19 10:11 - 2015-05-19 10:11 - 000007680 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2018-12-12 11:32 - 2018-12-12 11:32 - 000190784 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2015-12-10 03:16 - 2015-10-03 03:23 - 001439184 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000055296 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
2015-12-10 03:17 - 2015-10-03 03:22 - 001710568 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\WINDOWS\system32\nvspcap64.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-02-25 17:19 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-02-25 17:19 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 001680384 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000178688 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840038\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840242\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\castk\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\z-knoblozky-342.jpg
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\Control Panel\Desktop\\Wallpaper -> C:\Users\castk\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\z-knoblozky-342.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{01E77516-2934-47E9-801F-4CEF96A6307B}C:\program files\java\jre1.8.0_141\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_141\bin\javaw.exe
FirewallRules: [UDP Query User{842123C5-3452-4296-A47D-73D2D58A0615}C:\program files\java\jre1.8.0_141\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_141\bin\javaw.exe
FirewallRules: [TCP Query User{0B466669-2C49-4901-B78D-351356B31773}C:\users\castk\desktop\v1.05_raft_win64\v1.05_raft_win64.exe] => (Allow) C:\users\castk\desktop\v1.05_raft_win64\v1.05_raft_win64.exe No File
FirewallRules: [UDP Query User{F80880A2-16AF-44B4-A41D-3380AAFA6C4C}C:\users\castk\desktop\v1.05_raft_win64\v1.05_raft_win64.exe] => (Allow) C:\users\castk\desktop\v1.05_raft_win64\v1.05_raft_win64.exe No File
FirewallRules: [TCP Query User{5A565092-73E9-48E9-B74E-D55EDFF82FA0}C:\users\castk\desktop\subnautica.v45239\subnautica.exe] => (Block) C:\users\castk\desktop\subnautica.v45239\subnautica.exe No File
FirewallRules: [UDP Query User{9A34846B-B234-4999-AE11-A54C67501D4C}C:\users\castk\desktop\subnautica.v45239\subnautica.exe] => (Block) C:\users\castk\desktop\subnautica.v45239\subnautica.exe No File
FirewallRules: [{1179BEAB-2276-4D35-995C-C26B25784FD9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

11-02-2019 08:44:58 Naplánovaný kontrolní bod
15-02-2019 07:28:54 Windows Update
25-02-2019 16:02:22 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2019 09:02:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MessagingApplication.exe, verze: 4.1901.1901.24001, časové razítko: 0x5c4a5426
Název chybujícího modulu: twinapi.appcore.dll, verze: 10.0.17134.137, časové razítko: 0xb5d50228
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000009cad5
ID chybujícího procesu: 0x1f0c
Čas spuštění chybující aplikace: 0x01d4c8f291e1621a
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.10241.0_x64__8wekyb3d8bbwe\MessagingApplication.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
ID zprávy: 1d7519bd-ebac-439e-9be5-e7988a7bfe0b
Úplný název chybujícího balíčku: Microsoft.Messaging_4.1901.10241.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: x27e26f40ye031y48a6yb130yd1f20388991ax

Error: (02/17/2019 02:56:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WLANExt.exe, verze: 10.0.17134.1, časové razítko: 0x37c688c7
Název chybujícího modulu: ntdll.dll, verze: 10.0.17134.556, časové razítko: 0x74bed8b0
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000f479b
ID chybujícího procesu: 0xda0
Čas spuštění chybující aplikace: 0x01d4c6c848b0e14a
Cesta k chybující aplikaci: C:\WINDOWS\system32\WLANExt.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 2949b524-4710-4ab8-a889-7f14235e307e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/17/2019 02:55:38 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-RRVK21G$ přes https://INTC-KeyId-5e73c89aa3e902b272b9 ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(12485ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/15/2019 08:25:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Video.UI.exe verze 10.19011.1131.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 20b8

Čas spuštění: 01d4c4f23202791c

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe

ID hlášení: c942e837-3ef8-462f-8a1e-f77ca5324ed9

Úplný název balíčku s chybou: Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe

ID aplikace související s balíčkem s chybou: Microsoft.ZuneVideo

Error: (02/15/2019 08:25:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program ShellExperienceHost.exe verze 10.0.17134.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 2fe8

Čas spuštění: 01d4c4f22996b870

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

ID hlášení: 52012d05-ae91-47f4-b7da-5872273a504a

Úplný název balíčku s chybou: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy

ID aplikace související s balíčkem s chybou: App

Error: (02/14/2019 04:10:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_UserDataSvc, verze: 10.0.17134.556, časové razítko: 0xf23cada5
Název chybujícího modulu: ntdll.dll, verze: 10.0.17134.556, časové razítko: 0x74bed8b0
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000d5a1
ID chybujícího procesu: 0x1e00
Čas spuštění chybující aplikace: 0x01d4c42910afdfea
Cesta k chybující aplikaci: c:\windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: a8934527-fdc3-4d7c-9635-09072040deb9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/27/2019 08:49:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.17134.165 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 24d0

Čas spuštění: 01d4b61485392c64

Čas ukončení: 20

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: 90fb239c-37c8-49b4-8d8a-d2dbcf345082

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (01/21/2019 02:18:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ShellExperienceHost.exe, verze: 10.0.17134.1, časové razítko: 0x5ace103a
Název chybujícího modulu: igd10iumd64.dll, verze: 21.20.16.4550, časové razítko: 0x58261950
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000007d100
ID chybujícího procesu: 0x2010
Čas spuštění chybující aplikace: 0x01d4b14c159abfe6
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igd10iumd64.dll
ID zprávy: 6379cb5b-ffea-4c01-9d53-757879da592b
Úplný název chybujícího balíčku: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: App


System errors:
=============
Error: (02/26/2019 06:37:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/26/2019 06:37:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/26/2019 06:37:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/26/2019 06:37:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_6eef0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/25/2019 11:19:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/25/2019 11:19:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/25/2019 11:19:24 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RRVK21G)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-RRVK21G\castk (SID: S-1-5-21-1118852057-2493413303-2315907040-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/25/2019 11:17:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-02-17 15:28:42.313
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {2CE21546-B453-4AFA-AE78-6C44E344E022}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-28 12:04:46.220
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {DE5503DC-69D5-4021-96A5-0DFD5AC83357}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-21 08:16:37.963
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {477B4E01-7282-4E05-A543-7209B0A62B29}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-21 07:55:05.744
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {92A8AA67-9585-41C0-936C-53E87928F42E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-21 07:43:01.309
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {059BDAB4-4DBC-4953-B2FD-1BEDFF770484}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-12-10 07:04:20.601
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.281.1443.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2019-02-25 17:24:19.782
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.711
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.706
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.700
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.695
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.691
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.686
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-25 17:24:19.681
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 37%
Total physical RAM: 8090.93 MB
Available physical RAM: 5026.97 MB
Total Virtual: 9370.93 MB
Available Virtual: 6305.36 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:60.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:546.33 GB) NTFS

\\?\Volume{94f526ab-5dd6-44a0-aff3-81008b54fbd1}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{d6db3a29-60f8-4499-b363-1cedfb181102}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9B5BC89E)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Hacked e-mail communication, robbed account...

#6 Post by Rudy »

OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a987bf-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a987cc-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a9885b-0e67-11e9-9c38-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {fb9ad2f6-1fe6-11e9-9c3c-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a987bf-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a987cc-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a9885b-0e67-11e9-9c38-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {fb9ad2f6-1fe6-11e9-9c3c-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\castk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {4FE51165-5659-4F09-8043-E350967963BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {A22265F6-E7E9-4395-A102-A74F3EDBAB8D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A2CAC6D7-596F-478E-AC70-B536CED235D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Motal
Visitor
Posts: 22
Joined: 14 Apr 2009 12:26

Re: Hacked e-mail communication, robbed account...

#7 Post by Motal »

Fix result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01
Ran by castk (26-02-2019 19:26:59) Run:1
Running from C:\Users\castk\Desktop
Loaded Profiles: castk & (Available Profiles: castk)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a987bf-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a987cc-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {48a9885b-0e67-11e9-9c38-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\...\MountPoints2: {fb9ad2f6-1fe6-11e9-9c3c-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a987bf-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a987cc-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a9885b-0e67-11e9-9c38-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {fb9ad2f6-1fe6-11e9-9c3c-3052cbeee85c} - "G:\HiSuiteDownLoader.exe"
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\castk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {4FE51165-5659-4F09-8043-E350967963BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {A22265F6-E7E9-4395-A102-A74F3EDBAB8D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A2CAC6D7-596F-478E-AC70-B536CED235D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a987bf-0e67-11e9-9c38-3052cbeee85c} => removed successfully
HKLM\Software\Classes\CLSID\{48a987bf-0e67-11e9-9c38-3052cbeee85c} => not found
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a987cc-0e67-11e9-9c38-3052cbeee85c} => removed successfully
HKLM\Software\Classes\CLSID\{48a987cc-0e67-11e9-9c38-3052cbeee85c} => not found
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a9885b-0e67-11e9-9c38-3052cbeee85c} => removed successfully
HKLM\Software\Classes\CLSID\{48a9885b-0e67-11e9-9c38-3052cbeee85c} => not found
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9ad2f6-1fe6-11e9-9c3c-3052cbeee85c} => removed successfully
HKLM\Software\Classes\CLSID\{fb9ad2f6-1fe6-11e9-9c3c-3052cbeee85c} => not found
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a987bf-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a987cc-0e67-11e9-9c38-3052cbeee85c} - "F:\HiSuiteDownLoader.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {48a9885b-0e67-11e9-9c38-3052cbeee85c} - "G:\HiSuiteDownLoader.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413\...\MountPoints2: {fb9ad2f6-1fe6-11e9-9c3c-3052cbeee85c} - "G:\HiSuiteDownLoader.exe" => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-1118852057-2493413303-2315907040-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02262019183840413 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
C:\Users\castk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BtSendToMenuEx => removed successfully
HKLM\Software\Classes\CLSID\{CF24E6B8-F148-4BCB-9108-ADF313966E80} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FE51165-5659-4F09-8043-E350967963BC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FE51165-5659-4F09-8043-E350967963BC}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A22265F6-E7E9-4395-A102-A74F3EDBAB8D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A22265F6-E7E9-4395-A102-A74F3EDBAB8D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A2CAC6D7-596F-478E-AC70-B536CED235D7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CAC6D7-596F-478E-AC70-B536CED235D7}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 292544289 B
Java, Flash, Steam htmlcache => 851 B
Windows/system/drivers => 3539758 B
Edge => 4590824 B
Chrome => 914158068 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7056 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7056 B
LocalService => 0 B
NetworkService => 339890 B
NetworkService => 0 B
castk => 18357922 B

RecycleBin => 18845438326 B
EmptyTemp: => 18.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:30:09 ====

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Hacked e-mail communication, robbed account...

#8 Post by Rudy »

Deleted; the log should be OK now.

Motal
Visitor
Posts: 22
Joined: 14 Apr 2009 12:26

Re: Hacked e-mail communication, robbed account...

#9 Post by Motal »

Thank you very much! Is there any way to tell from this whether the system was compromised in a way that would let someone get into the mailbox? We probably fell victim to some kind of spoofing, but I don't really understand how the attacker somehow got hold of the invoices, which he was then able to alter for his own purposes.

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Hacked e-mail communication, robbed account...

#10 Post by Rudy »

This: C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9} was a trojan, but I cannot determine whether it was the one responsible. Everything else is either potentially unwanted programs or junk. If you like, you can also run a deep scan with MBAM: http://www.malwarebytes.org/mbam.php. Post the log; do not delete anything beforehand.

Motal
Visitor
Posts: 22
Joined: 14 Apr 2009 12:26

Re: Hacked e-mail communication, robbed account...

#11 Post by Motal »

Unfortunately, before I wrote to this forum I had already run the Malwarebytes scan in a bit of a panic and let it delete everything it found. I am attaching the log from it below.

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 25.02.19
Čas skenování: 17:20
Logovací soubor: 3c41a2fc-3919-11e9-a90a-2c56dc9dc5b8.json

-Informace o softwaru-
Verze: 3.7.1.2839
Verze komponentů: 1.0.538
Aktualizovat verzi balíku komponent: 1.0.9434
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 17134.590)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-RRVK21G\castk

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 300791
Zjištěné hrozby: 227
Hrozby umístěné do karantény: 227
Uplynulý čas: 5 min, 3 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 5
PUP.Optional.FreindlyAppz.Generic, HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|empnbkhdkpjjjicngghcagifgkgeocnn, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|hmaalgfdmcfgclkfamdiccgoiidebfph, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jcaeinkhackhjgocaeobeodkjcmabfgb, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.BlpSearch.Generic, HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|abfbilpkeccmldghpopiecichomplcnp, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.Movix.Generic, HKU\S-1-5-21-1118852057-2493413303-2315907040-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|lbcmfpifjcpiljbafbniknoljeljfigl, V karanténě, [14598], [480150],1.0.9434

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 43
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\js\official, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\fonts, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\_metadata, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\vertical, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\images, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\js, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EMPNBKHDKPJJJICNGGHCAGIFGKGEOCNN, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\_metadata, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\config, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\icons, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\libs, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HMAALGFDMCFGCLKFAMDICCGOIIDEBFPH, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\jcaeinkhackhjgocaeobeodkjcmabfgb, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\_metadata, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\config, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\icons, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JCAEINKHACKHJGOCAEOBEODKJCMABFGB, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp\1.0.0.3281_0\_metadata, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp\1.0.0.3281_0\icons, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp\1.0.0.3281_0\js, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ABFBILPKECCMLDGHPOPIECICHOMPLCNP\1.0.0.3281_0, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.Movix.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\css\default, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\sprite, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\css, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\img, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\icons, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\_metadata, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\fonts, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\json, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\css, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBCMFPIFJCPILJBAFBNIKNOLJELJFIGL\1.0.1_0, V karanténě, [14598], [480150],1.0.9434

Soubor: 179
PUP.Optional.FreindlyAppz.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nahrazen, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Nahrazen, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Nahrazen, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EMPNBKHDKPJJJICNGGHCAGIFGKGEOCNN\1.0.0_0\MANIFEST.JSON, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\fonts\material-icons.css, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\fonts\MaterialIcons-Regular.eot, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\fonts\MaterialIcons-Regular.ijmap, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\fonts\MaterialIcons-Regular.svg, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\fonts\MaterialIcons-Regular.ttf, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\fonts\MaterialIcons-Regular.woff, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\fonts\MaterialIcons-Regular.woff2, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\fonts\RobotoCondensed-Light.ttf, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\fonts\RobotoCondensed-Regular.ttf, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\css\style.css, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\images\icon128.png, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\images\icon16.png, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\images\icon38.png, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\js\official\bootstrap.min.js, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\js\official\jquery.min.js, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\js\official\material.min.js, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\js\base.js, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\js\init.js, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\js\main.js, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\vertical\440x280.jpg, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\vertical\init.js, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\vertical\pop.js, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\_metadata\computed_hashes.json, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\_metadata\verified_contents.json, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.FreindlyAppz.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\empnbkhdkpjjjicngghcagifgkgeocnn\1.0.0_0\popup.html, V karanténě, [14666], [461844],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nahrazen, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Nahrazen, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Nahrazen, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HMAALGFDMCFGCLKFAMDICCGOIIDEBFPH\50.105.13.4453_0\MANIFEST.JSON, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\config\config.json, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\icons\icon128.png, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\icons\icon16.png, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\icons\icon19disabled.png, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\icons\icon19on.png, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\icons\icon48.png, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\ajax.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\b2b-partner-tracking.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\background.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\chrome.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\content_script.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\dlp.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\dlpHelper.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\extension_detect.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\index.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\internationalSearchUtils.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\logger.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\settingsOverridesUtils.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\storageUtils.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\templateParser.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\ul.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\urlUtils.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\js\util.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\libs\PartnerId.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaalgfdmcfgclkfamdiccgoiidebfph\50.105.13.4453_0\_metadata\verified_contents.json, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jcaeinkhackhjgocaeobeodkjcmabfgb\000003.log, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jcaeinkhackhjgocaeobeodkjcmabfgb\CURRENT, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jcaeinkhackhjgocaeobeodkjcmabfgb\LOCK, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jcaeinkhackhjgocaeobeodkjcmabfgb\LOG, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jcaeinkhackhjgocaeobeodkjcmabfgb\LOG.old, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jcaeinkhackhjgocaeobeodkjcmabfgb\MANIFEST-000001, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nahrazen, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Nahrazen, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Nahrazen, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JCAEINKHACKHJGOCAEOBEODKJCMABFGB\13.421.13.419_0\MANIFEST.JSON, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\config\config.json, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\config\extension-config.json, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\config\extension-dev-config.json, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\icons\icon128.png, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\icons\icon16.png, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\icons\icon19disabled.png, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\icons\icon19on.png, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\icons\icon48.png, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\logger.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\ajax.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\b2b-partner-tracking.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\background.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\chrome.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\content_script.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\dlp.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\dlpHelper.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\extension_detect.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\genericLoadRemoteSettings.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\index.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\initOfferCEF.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\offerService.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\pageUtils.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\PartnerId.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\product.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\storage.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\TabManager.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\TemplateParser.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\ul.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\urlFragmentActions.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\urlUtils.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\util.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\js\webtooltabAPI.js, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\_metadata\verified_contents.json, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\dynamicNewTab.html, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\productnewtab.html, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.MindSpark.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaeinkhackhjgocaeobeodkjcmabfgb\13.421.13.419_0\stubby.html, V karanténě, [1727], [467555],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nahrazen, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Nahrazen, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Nahrazen, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ABFBILPKECCMLDGHPOPIECICHOMPLCNP\1.0.0.3281_0\JS\BRAND.JS, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp\1.0.0.3281_0\icons\checker.gif, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp\1.0.0.3281_0\icons\icon-128.png, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp\1.0.0.3281_0\js\background.js, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp\1.0.0.3281_0\_metadata\computed_hashes.json, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp\1.0.0.3281_0\_metadata\verified_contents.json, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp\1.0.0.3281_0\Archive created by free jZip.url, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.BlpSearch.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfbilpkeccmldghpopiecichomplcnp\1.0.0.3281_0\manifest.json, V karanténě, [14605], [443081],1.0.9434
PUP.Optional.Movix.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nahrazen, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Nahrazen, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Nahrazen, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBCMFPIFJCPILJBAFBNIKNOLJELJFIGL\1.0.1_0\JSON\MOVIE.JSON, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\css\default\PumaSideBar.css, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\css\default\PumaSideBar.min.css, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\css\ABEAKRG.TTF, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\css\font-awesome.min.css, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\css\main.css, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\css\PumaSideBar.css, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\fonts\fontawesome-webfont.eot, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\fonts\fontawesome-webfont.svg, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\fonts\fontawesome-webfont.ttf, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\fonts\fontawesome-webfont.woff, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\fonts\FontAwesome.otf, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\icons\356889-200.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\icons\icon128.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\icons\icon16.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\icons\icon38.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\sprite\css_sprites.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\arrow.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\close-icon.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\def4.jpg, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\featured-play.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\in-favorites.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\logo_search.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\imgs\out-of-favorites.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\auto_complete.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\background.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\bootstrap.min.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\content.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\jquery.min.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\jqueryui.min.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\main.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\offers.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\offersgames.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\offersmusic.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\PumaSideBar.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\savetodisk.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\js\settings.json, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\json\artists.json, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\json\games.json, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\css\weatherwidget.css, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts\glyphicons-halflings-regular.eot, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts\glyphicons-halflings-regular.svg, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts\glyphicons-halflings-regular.ttf, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts\glyphicons-halflings-regular.woff, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts\glyphicons-halflings-regular.woff2, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts\weathericons-regular-webfont.eot, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts\weathericons-regular-webfont.svg, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts\weathericons-regular-webfont.ttf, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts\weathericons-regular-webfont.woff, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\fonts\weathericons-regular-webfont.woff2, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\img\icn_find.png, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\img\img_spinner.gif, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\weather\weatherwidget.js, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\_metadata\verified_contents.json, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\index.html, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.Movix.Generic, C:\Users\castk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmfpifjcpiljbafbniknoljeljfigl\1.0.1_0\manifest.json, V karanténě, [14598], [480150],1.0.9434
PUP.Optional.DriverHive, C:\PROGRAMDATA\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\OFFLINE\D4D9B972\46353557\DRIVERHIVEENGINE.DLL, V karanténě, [2930], [542209],1.0.9434
PUP.Optional.Solvusoft, C:\PROGRAMDATA\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\OFFLINE\7B8279D2\46353557\DRIVERDOC.EXE, V karanténě, [2929], [331663],1.0.9434
PUP.Optional.BlpSearch, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nahrazen, [403], [496134],1.0.9434
PUP.Optional.Eanswers.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nahrazen, [245], [495659],1.0.9434
PUP.Optional.Eanswers.Generic, C:\USERS\CASTK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nahrazen, [245], [495659],1.0.9434

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Hacked e-mail communication, emptied account...

#12 Post by Rudy »

Delete all the items. There is no keylogger among them; there is simply no reason for them to be on the PC.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Motal
Visitor
Posts: 22
Registered: 14 Apr 2009 12:26

Re: Hacked e-mail communication, emptied account...

#13 Post by Motal »

Yes, thanks a lot, they have already been deleted. We really appreciate your help, and we will contribute to the running of the forum again. As for the second company computer, I hope I will manage to post the logs here (in a new topic) today or tomorrow.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Hacked e-mail communication, emptied account...

#14 Post by Rudy »

We do not handle company PCs here. This portal is intended for home users. See the rules: https://forum.viry.cz/viewtopic.php?f=12&t=5601 (point 6).

Motal
Visitor
Posts: 22
Registered: 14 Apr 2009 12:26

Re: Hacked e-mail communication, emptied account...

#15 Post by Motal »

I see, thank you for the reply. :) It isn't really a "company" PC as such, we just call it that. We don't have a technician for this, but I understand the reasoning.
