The destyy.com virus and malicious opening of windows

element
Visitor
Posts: 18
Registered: 10 Aug 2019 18:20

#1 Post by element »

Hi guys,

I have spent about 4 hours trying to get rid of a virus that, after the computer starts, launches the browser and opens two advertising windows (the site destyy.com). It starts like this: after the PC is turned on, CMD runs for 2 seconds and shows "update check..", nothing but an empty black window, then it closes, and after that Chrome starts up and opens them.

Everything I have done so far, and I still have not removed it:

- I looked through the list of installed programs
- I scanned with ESET, Spybot, Malwarebytes, Junkware Removal Tool, ESET Online Scanner
- I looked at the background processes and found nothing like that
- I looked at Task Scheduler and there is no event there
- I checked the hosts txt
- the browser icon and its properties, to see whether anything was there
- I reset Chrome to its default settings

I no longer know what else to do. I googled it, of course, and that is where I got the steps above, but I still cannot get rid of it. Does anyone have an idea?

It is definitely down to that cmd starting, showing some update check, and then the browser launching after it; I just do not know how to find that file or process.

I am also sending the logs:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019
Ran by T450 (administrator) on TOMAS (LENOVO 20BUS0X10N) (10-08-2019 19:24:01)
Running from C:\Users\T450\Desktop
Loaded Profiles: T450 (Available Profiles: T450)
Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: Angličtina (USA)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Disig a.s. -> Disig a.s.) C:\Program Files (x86)\Disig\Disig Web Signer 1.0.7\Updater\WebSignerTray.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\T450\AppData\Local\FluxSoftware\Flux\flux.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\tposd.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsimgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsirdpclient.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsirpcd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\vmwp.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Solid Documents, LLC) [File not signed] C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(troubadix) [File not signed] C:\Program Files\TPFanControl\TPFanControl.exe
(VideoLAN -> VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
Failed to access process -> vmmem

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [156672 2013-02-02] (troubadix) [File not signed]
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2019-04-18] (Power Software Limited -> Power Software Ltd)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Run: [f.lux] => C:\Users\T450\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.)
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-10] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-05-05] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Web Signer.lnk [2018-10-06]
ShortcutTarget: Web Signer.lnk -> C:\Program Files (x86)\Disig\Disig Web Signer 1.0.7\Updater\WebSignerTray.exe (Disig a.s. -> Disig a.s.)
BootExecute: autocheck autochk * bootdelete

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {081AD513-5918-4D9B-8FD5-283B6882A50A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {22265DBF-9DFB-4CF4-90E3-1764DC69A632} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
Task: {25C5D5BD-BF3D-4FA9-AD2A-DD1E6E25C7C5} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {46B3094D-8B02-4139-AD49-B1D80B8C787A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5E25BCEE-D4C2-4E61-8C48-ADBD7BA86A29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-10] (Google Inc -> Google Inc.)
Task: {6CE5E028-AA52-4146-A3B5-D97D270370F6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
Task: {7DACB74C-F8A1-454D-9E40-E0E26C0EB02F} - System32\Tasks\Lenovo Power Management Driver PnP Task => C:\WINDOWS\System32\ibmpmsvc.exe [855968 2018-05-23] (Lenovo -> Lenovo.)
Task: {8391F2FE-C99B-4410-BC71-39350BC53003} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {92296A20-0D36-4F43-A0F4-6BC7BED0E19A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AC061F61-8814-44EC-AA6B-1F28ED3FC67B} - System32\Tasks\AdobeGCInvoker-1.0-TOMAS-T450 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {ACB553D5-E46E-49DC-8B50-33CA4F026671} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {C3569B8E-EAF8-43D6-8D26-3017880ED25B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-10] (Google Inc -> Google Inc.)
Task: {C3AC5672-755E-4549-8A37-4D2B4A624F8C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-4265333793-1255850415-3889696489-1001 => C:\Users\T450\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
Task: {CCD47C80-EEC9-461F-9E98-BAF1A5F6EFC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D049F954-0DC7-4C0B-95E6-1CE1B31C51B7} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe
Task: {E5FC72C6-53AE-4680-8D96-108E23CFEC56} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {E9982440-C006-48E5-9477-2EC8211DACF3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0017f890-ab82-4120-81c3-beb49c53563d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2d25847a-b084-4369-b68c-f81d00c7069c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2eb10214-7d35-4f37-addf-88e59d1b6b99}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]

FireFox:
========
FF DefaultProfile: qtkw9hyo.default
FF ProfilePath: C:\Users\T450\AppData\Roaming\Mozilla\Firefox\Profiles\qtkw9hyo.default [2019-08-10]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-16] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-16] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.sk/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://app.livechatoo.com/tomaskolen/operator/sk/chat"
CHR Profile: C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default [2019-08-10]
CHR DownloadDir: C:\Users\T450\Desktop
CHR Extension: (Dokumenty) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-10]
CHR Extension: (Disk Google) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-10]
CHR Extension: (Chrome IG Story) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2019-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-11]
CHR Extension: (Full Page Screen Capture) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2019-08-10]
CHR Extension: (Tabuľky) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-10]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (AdBlock) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-10]
CHR Extension: (Go Fucking Work) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\hibmkkpfegfiinilnlabbfnjcopdiiig [2018-08-17]
CHR Extension: (Linkclump) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2019-04-19]
CHR Extension: (Boomerang for Gmail) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2019-06-29]
CHR Extension: (Kontrola pošty Google) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2018-03-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-19]
CHR Extension: (Disig Web Signer 1.0.7) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\odbdbcaekkgabdfaabepfjgiooilmaoe [2018-11-14]
CHR Extension: (LinkMiner) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogdhdnpiclkaeicicamopfohidjokoom [2018-03-10]
CHR Extension: (Gmail) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-10]
CHR Profile: C:\Users\T450\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-06-13]
CHR Profile: C:\Users\T450\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-26]
CHR HKLM\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [odbdbcaekkgabdfaabepfjgiooilmaoe] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
S3 gcs; C:\WINDOWS\system32\vmcomputeagent.exe [1292704 2018-09-23] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
R2 hvsics; C:\WINDOWS\System32\hvsicontainerservice.dll [1073168 2019-07-04] (Microsoft Windows -> Microsoft Corporation)
R2 hvsics; C:\WINDOWS\SysWOW64\hvsicontainerservice.dll [22936 2018-05-20] (Microsoft Windows -> Microsoft Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [532968 2018-05-19] (Intel Corporation -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373656 2018-05-24] (Intel(R) pGFX -> Intel Corporation)
R2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [774040 2018-05-23] (Lenovo -> Lenovo.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265824 2018-06-25] (Intel Corporation -> )
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-09-23] (Microsoft Windows -> Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SCPDFReadSpool; C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe [320512 2009-10-23] (Solid Documents, LLC) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [277144 2018-11-19] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\TPHKLOAD.exe [422544 2018-07-18] (Lenovo -> Lenovo Group Limited)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-07-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848800 2018-06-25] (Intel Corporation -> Intel® Corporation)
S2 Lenovo Instant On; "C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe" [X]
S3 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R1 hvsifltr; C:\WINDOWS\System32\drivers\hvsifltr.sys [52728 2018-11-09] (Microsoft Windows -> Microsoft Corporation)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-09-23] (Microsoft Windows -> Microsoft Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136728 2018-05-16] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-09] (Intel(R) Software -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8709656 2018-06-30] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [44232 2018-05-23] (Lenovo -> Lenovo.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [786688 2016-08-24] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [54928 2018-11-19] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [757824 2016-12-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-09-12] (Microsoft Windows -> Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-09-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-08-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-08-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-10 19:24 - 2019-08-10 19:25 - 000031871 ____C C:\Users\T450\Desktop\FRST.txt
2019-08-10 19:23 - 2019-08-10 19:24 - 000000000 ____D C:\FRST
2019-08-10 19:23 - 2019-08-10 19:23 - 002097664 ____C (Farbar) C:\Users\T450\Desktop\FRST64.exe
2019-08-10 19:18 - 2019-08-10 19:18 - 000114842 ____C C:\Users\T450\.recently-used.xbel
2019-08-10 16:17 - 2019-08-10 16:17 - 000000762 ____C C:\Users\T450\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-08-10 16:14 - 2019-08-10 16:25 - 000003700 _____ C:\WINDOWS\System32\Tasks\Lenovo Power Management Driver PnP Task
2019-08-10 16:07 - 2019-08-10 16:09 - 000302680 _____ C:\TDSSKiller.3.1.0.28_10.08.2019_16.07.56_log.txt
2019-08-10 15:04 - 2019-07-04 11:45 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-10 15:04 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-08-10 15:04 - 2019-07-04 11:41 - 001073168 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvsicontainerservice.dll
2019-08-10 15:04 - 2019-07-04 11:41 - 000336936 _____ (Microsoft Corporation) C:\WINDOWS\system32\HvsiSettingsProvider.dll
2019-08-10 15:04 - 2019-07-04 11:41 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-10 15:04 - 2019-07-04 11:41 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvsirpcd.exe
2019-08-10 15:04 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-10 15:04 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-10 15:04 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-10 15:04 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-10 15:04 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-08-10 15:04 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-08-10 15:04 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-10 15:04 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-08-10 15:04 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-08-10 15:04 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-10 15:04 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-10 15:04 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-10 15:04 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-10 15:04 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-10 15:04 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-10 15:04 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-10 15:04 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-10 15:04 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-10 15:04 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-10 15:04 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-10 15:04 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-08-10 15:04 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-10 15:04 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-10 15:04 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-08-10 15:04 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-10 15:04 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-10 15:04 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-08-10 15:04 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-10 15:04 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-10 15:04 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-10 15:04 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-10 15:04 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-10 15:04 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-10 15:04 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-10 15:04 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-08-10 15:04 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-10 15:04 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-08-10 15:04 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-08-10 15:04 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-08-10 15:04 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-08-10 15:04 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-08-10 15:04 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-08-10 15:04 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-08-10 15:04 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-10 15:04 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-10 15:04 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-10 15:04 - 2019-07-04 06:27 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2019-08-10 15:04 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-10 15:04 - 2019-07-04 06:26 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2019-08-10 15:04 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-10 15:04 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-10 15:04 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-10 15:04 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-10 15:04 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-10 15:04 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-08-10 15:04 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-08-10 15:04 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-08-10 15:04 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-10 15:04 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-10 15:04 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-10 15:04 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-10 15:04 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-10 15:04 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-10 15:04 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-08-10 15:04 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-08-10 15:04 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-08-10 15:04 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-08-10 15:04 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-10 15:04 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-08-10 15:04 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-10 15:04 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-10 15:04 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-10 15:04 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-08-10 15:04 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-08-10 15:04 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-08-10 15:04 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-08-10 15:04 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-08-10 15:04 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-08-10 15:04 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-08-10 15:04 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-08-10 15:04 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-08-10 15:04 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-08-10 15:04 - 2019-06-13 13:43 - 001427984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-08-10 15:04 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-08-10 15:04 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-08-10 15:04 - 2019-06-13 13:42 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-08-10 15:04 - 2019-06-13 13:42 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-10 15:04 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-08-10 15:04 - 2019-06-13 13:41 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-08-10 15:04 - 2019-06-13 13:41 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-08-10 15:04 - 2019-06-13 13:41 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-08-10 15:04 - 2019-06-13 13:41 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-08-10 15:04 - 2019-06-13 13:40 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-10 15:04 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-08-10 15:04 - 2019-06-13 13:40 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-08-10 15:04 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-08-10 15:04 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-08-10 15:04 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-08-10 15:04 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-08-10 15:04 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-08-10 15:04 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-08-10 15:04 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-08-10 15:04 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-08-10 15:04 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-10 15:04 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-08-10 15:04 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-08-10 15:04 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-08-10 15:04 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-08-10 15:04 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-08-10 15:04 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-10 15:04 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-08-10 15:04 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-08-10 15:04 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-08-10 15:04 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-08-10 15:04 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-08-10 15:04 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-08-10 15:04 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-08-10 15:04 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-08-10 15:04 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-08-10 15:04 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-08-10 15:04 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-08-10 15:04 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-08-10 15:04 - 2019-06-13 12:11 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-08-10 15:04 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-08-10 15:04 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-08-10 15:04 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-08-10 15:04 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-08-10 15:04 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-08-10 15:04 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-10 15:04 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-08-10 15:04 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-08-10 15:04 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-08-10 15:04 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-08-10 15:04 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-08-10 15:04 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-08-10 15:04 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-08-10 15:04 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-08-10 15:04 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-08-10 15:04 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-08-10 15:04 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-08-10 15:04 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-08-10 15:04 - 2019-06-13 08:58 - 002300528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2019-08-10 15:04 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-10 15:04 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-08-10 15:04 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-08-10 15:04 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-08-10 15:04 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-10 15:04 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-08-10 15:04 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-10 15:04 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-10 15:04 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-08-10 15:04 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-08-10 15:04 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-08-10 15:04 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-10 15:04 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-08-10 15:04 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-08-10 15:04 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-08-10 15:04 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-08-10 15:04 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-08-10 15:04 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-08-10 15:04 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-08-10 15:04 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-08-10 15:04 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-08-10 15:04 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-08-10 15:04 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-10 15:04 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-08-10 15:04 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-10 15:04 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-08-10 15:04 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-08-10 15:04 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-10 15:04 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-10 15:04 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-08-10 15:04 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-08-10 15:04 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-08-10 15:04 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-08-10 15:04 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-10 15:04 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-10 15:04 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-10 15:04 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-08-10 15:04 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-08-10 15:04 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-08-10 15:04 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-08-10 15:04 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-08-10 15:04 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-08-10 15:04 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-10 15:04 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-08-10 15:04 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-08-10 15:04 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-08-10 15:04 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-10 15:04 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-10 15:04 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-08-10 15:04 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-08-10 15:04 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-08-10 15:04 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-08-10 15:04 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-10 15:04 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-08-10 15:04 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-24 19:35 - 2019-07-24 19:35 - 000055284 ____C C:\Users\T450\Desktop\digi 2.pdf
2019-07-23 11:58 - 2019-07-23 11:58 - 000000000 ____D C:\Users\T450\Desktop\585
2019-07-23 00:30 - 2019-07-23 00:30 - 000000000 ____D C:\Users\T450\Desktop\nahodit nove sady kufrov
2019-07-18 00:12 - 2019-07-18 11:56 - 000000513 ____C C:\Users\T450\Desktop\pridat okuliare.txt
2019-07-16 15:18 - 2019-07-16 15:18 - 000001190 ____C C:\Users\T450\Desktop\GIMP 2.lnk
2019-07-14 01:03 - 2019-07-15 21:24 - 000000191 ____C C:\Users\T450\Desktop\soferske pridat.txt
2019-07-13 05:24 - 2019-07-13 05:27 - 000000000 ____D C:\AdwCleaner

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-10 19:25 - 2018-07-28 12:19 - 000000000 ___DC C:\Users\T450\AppData\Roaming\vlc
2019-08-10 19:23 - 2018-03-10 12:18 - 000000000 ___DC C:\Users\T450\.gimp-2.6
2019-08-10 19:18 - 2018-05-19 15:03 - 000000000 ___DC C:\Users\T450
2019-08-10 19:18 - 2018-03-10 21:09 - 000000000 ___DC C:\Users\T450\AppData\Roaming\gtk-2.0
2019-08-10 19:16 - 2018-03-10 11:39 - 000000000 ___DC C:\Users\T450\AppData\Local\ClassicShell
2019-08-10 19:09 - 2018-05-19 15:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-10 18:25 - 2018-03-10 14:08 - 000000000 ____D C:\WINDOWS\AutoKMS
2019-08-10 16:30 - 2018-05-19 15:08 - 000838564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-10 16:30 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-10 16:26 - 2018-03-10 12:57 - 000000000 ___DC C:\Users\T450\AppData\Local\Packages
2019-08-10 16:25 - 2018-12-30 13:35 - 000000000 __RDC C:\Users\T450\iCloudDrive
2019-08-10 16:25 - 2018-09-23 14:10 - 000000828 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-08-10 16:25 - 2018-09-23 14:08 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2019-08-10 16:25 - 2018-05-19 15:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-10 16:25 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-10 16:25 - 2018-03-07 13:14 - 000000000 _SHDC C:\Users\T450\IntelGraphicsProfiles
2019-08-10 16:25 - 2018-03-07 13:13 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-08-10 16:24 - 2018-12-06 13:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Lenovo
2019-08-10 16:24 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-08-10 16:24 - 2018-03-07 13:57 - 000000000 ____D C:\Program Files\Lenovo
2019-08-10 16:24 - 2018-03-07 13:09 - 000000000 ____D C:\Program Files (x86)\Lenovo
2019-08-10 16:17 - 2019-06-25 09:13 - 000000000 ____D C:\Users\T450\AppData\Local\ESET
2019-08-10 15:13 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-10 15:12 - 2018-05-19 15:01 - 005107120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-10 15:11 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-10 15:11 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-08-10 15:11 - 2018-03-07 13:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-10 15:09 - 2018-03-07 13:46 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-10 15:07 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-10 13:52 - 2018-09-13 18:56 - 000000000 ___DC C:\Users\T450\AppData\Local\D3DSCache
2019-08-10 13:10 - 2018-05-19 15:08 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-08-10 12:49 - 2018-03-10 10:42 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-10 12:49 - 2018-03-10 10:42 - 000002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-10 12:48 - 2018-03-10 10:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-24 23:56 - 2019-04-28 00:48 - 000000208 ____C C:\Users\T450\Desktop\pridane produkty.txt
2019-07-24 10:39 - 2019-06-03 09:34 - 000000000 ____D C:\Users\T450\Desktop\faktúry na úhradu
2019-07-18 12:28 - 2018-12-22 22:54 - 000000000 ____D C:\Users\T450\Documents\Bigasoft Total Video Converter
2019-07-18 11:20 - 2018-12-11 00:26 - 000000000 ____D C:\Users\T450\Desktop\Sablony
2019-07-15 21:26 - 2018-10-22 10:27 - 000001057 _____ C:\Users\T450\Desktop\Hlasky.txt
2019-07-14 08:36 - 2018-03-07 13:47 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-07-13 07:18 - 2018-12-30 13:35 - 000000000 ____D C:\Users\T450\Documents\Súbory Outlooku
2019-07-13 07:18 - 2018-04-01 19:02 - 000000000 ___DC C:\Users\T450\AppData\Roaming\Apple Computer
2019-07-11 09:06 - 2018-03-10 17:28 - 000000876 _____ C:\Users\T450\Desktop\bankove ucty.txt

==================== Files in the root of some directories ================

2018-09-23 14:42 - 2018-09-23 15:02 - 000001480 ____C () C:\Users\T450\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2018-09-28 10:36 - 2018-09-28 10:36 - 000000000 ____C () C:\Users\T450\AppData\Local\oobelibMkey.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

element
Visitor
Posts: 18
Registered: 10 Aug 2019 18:20

Re: destyy.com virus and sneaky opening of windows

#2 Post by element »

Here is another one:

Code:

Logfile of random's system information tool 1.10 (written by random/random)
Run by T450 at 2019-08-10 19:40:41
Microsoft Windows 10 Pro 
System drive C: has 43 GB (18%) free of 237 GB
Total RAM: 7888 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:40:52, on 10. 8. 2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files\TPFanControl\TPFanControl.exe
C:\Users\T450\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Disig\Disig Web Signer 1.0.7\Updater\WebSignerTray.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files\trend micro\T450.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKCU\..\Run: [f.lux] "C:\Users\T450\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - Global Startup: update.bat
O4 - Global Startup: Web Signer.lnk = C:\Program Files (x86)\Disig\Disig Web Signer 1.0.7\Updater\WebSignerTray.exe
O9 - Extra button: Odoslat do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslat do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\vmcomputeagent.exe,-100 (gcs) - Unknown owner - C:\WINDOWS\system32\vmcomputeagent.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem53.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe (file missing)
O23 - Service: @oem52.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyResume Service (Lenovo Instant On) - Unknown owner - C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe (file missing)
O23 - Service: @oem53.inf,%Lenovo.svcDesc1%;Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\WINDOWS\System32\LPlatSvc.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\TPHKLOAD.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vmcompute.exe,-100 (vmcompute) - Unknown owner - C:\WINDOWS\system32\vmcompute.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 13631 bytes

======Listing Processes======










\??\C:\WINDOWS\system32\lsaiso.exe
C:\WINDOWS\system32\lsass.exe
winlogon.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s HvHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalService -p
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\LPlatSvc.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache

c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\system32\WLANExt.exe 2254533273680
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files\Bonjour\mDNSResponder.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s hns
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\WINDOWS\system32\ibtsiva
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"c:\program files (x86)\soliddocuments\solid converter pdf\scpdfv6\solidconverterpdfservicex64.exe"

C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\TPHKLOAD.exe
c:\windows\system32\svchost.exe -k localservice -s W32Time

c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s SharedAccess
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hvsics
c:\windows\system32\svchost.exe -k netsvcs -s nvagent
C:\WINDOWS\system32\wbem\wmiprvse.exe

"C:\WINDOWS\System32\LPlatSvc.exe" -EM
C:\WINDOWS\System32\DRIVER~1\FILERE~1\FNE799~1.INF\driver\TPNUMLKD.EXE \\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.LockOSD
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\System32\DRIVER~1\FILERE~1\FNE799~1.INF\driver\TPOSD.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
C:\WINDOWS\System32\DRIVER~1\FILERE~1\FNE799~1.INF\driver\SHTCTKY.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\system32\vmcompute.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\WINDOWS\System32\vmwp.exe" 4B49AFDD-5E17-4575-92B6-F8ED5F2C6EAD 0x26c
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE" 
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\WINDOWS\Explorer.EXE
igfxEM.exe 
igfxHK.exe 
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
ClassicStartMenu.exe -startup

"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe" 
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\TPFanControl\TPFanControl.exe" 
"C:\Users\T450\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" 
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" 
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" -Embedding
"C:\Program Files (x86)\Disig\Disig Web Signer 1.0.7\Updater\WebSignerTray.exe" 
"C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://destyy.com/wMEmhE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\T450\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\T450\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\T450\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=76.0.3809.100 --initial-client-data=0x78,0x7c,0x80,0x70,0x84,0x7ffbc9b7ef08,0x7ffbc9b7ef18,0x7ffbc9b7ef28
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=10392 --on-initialized-event-handle=532 --parent-handle=516 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --gpu-preferences=IAAAAAAAAADgAAAwAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --use-gl=swiftshader-webgl --service-request-channel-token=1198033882586672806 --mojo-platform-channel-handle=1568 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --lang=sk --service-sandbox-type=network --service-request-channel-token=6208200023271935404 --mojo-platform-channel-handle=1892 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --lang=sk --extension-process --disable-client-side-phishing-detection --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4228621202039336098 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --lang=sk --extension-process --disable-client-side-phishing-detection --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8540860729474335458 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --disable-gpu-compositing --lang=sk --disable-client-side-phishing-detection --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11196304397426800670 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\System32\hvsimgr.exe -Embedding
C:\WINDOWS\system32\HvsiRdpClient.exe 988
C:\WINDOWS\system32\HvsiRpcD.exe 964
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\rempl\sedsvc.exe"

c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
C:\WINDOWS\system32\AUDIODG.EXE 0x2d8
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s camsvc
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "C:\Users\T450\Desktop\Tomas\Filmy\Dva a pol chlapa\Dva a pol chlapa 7. séria"
C:\Windows\helppane.exe -Embedding
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --disable-gpu-compositing --lang=sk --disable-client-side-phishing-detection --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16642907477078514100 --renderer-client-id=412 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --disable-gpu-compositing --lang=sk --disable-client-side-phishing-detection --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10394361714561471770 --renderer-client-id=496 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --disable-gpu-compositing --lang=sk --extension-process --disable-client-side-phishing-detection --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4574761537532145848 --renderer-client-id=498 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --disable-gpu-compositing --lang=sk --disable-client-side-phishing-detection --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7313554089812274940 --renderer-client-id=499 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --disable-gpu-compositing --lang=sk --disable-client-side-phishing-detection --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4637817676063730211 --renderer-client-id=523 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --disable-gpu-compositing --lang=sk --disable-client-side-phishing-detection --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14298596321771823505 --renderer-client-id=550 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1540,4160416789335073702,5953810457702231710,131072 --disable-gpu-compositing --lang=sk --disable-client-side-phishing-detection --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9664591889736850490 --renderer-client-id=555 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
"C:\Users\T450\Desktop\RSITx64.exe" 

=========Mozilla firefox=========

ProfilePath - C:\Users\T450\AppData\Roaming\Mozilla\Firefox\Profiles\qtkw9hyo.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13 885560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13 551736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13 760632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13 507192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13 885560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13 760632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"TPFanControl"=C:\Program Files\TPFanControl\TPFanControl.exe [2013-02-02 156672]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2017-08-13 163640]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05 508240]
"AdobeGCInvoker-1.0"=C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2019-07-04 2849872]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2019-03-24 302904]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"=C:\Windows\SysWOW64\OneDriveSetup.exe [2018-04-12 20488312]
"f.lux"=C:\Users\T450\AppData\Local\FluxSoftware\Flux\flux.exe [2019-05-07 1378824]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2019-01-15 67896]
"iCloudDrive"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [2019-01-15 110392]
"iCloudPhotos"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [2019-01-15 356664]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2019-01-15 67384]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"IJNetworkScannerSelectorEX"=C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2012-03-26 449168]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2019-04-18 456160]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
update.bat
Web Signer.lnk - C:\Program Files (x86)\Disig\Disig Web Signer 1.0.7\Updater\WebSignerTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hvsifltr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2019-08-10 19:26:53 ----D---- C:\rsit
2019-08-10 19:26:53 ----D---- C:\Program Files\trend micro
2019-08-10 19:23:18 ----D---- C:\FRST
2019-08-10 15:04:37 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2019-08-10 15:04:37 ----A---- C:\WINDOWS\SYSWOW64\LicensingWinRT.dll
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\wldp.dll
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\pcasvc.dll
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\MusNotification.exe
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\invagent.dll
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\generaltel.dll
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\devinv.dll
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\dcntel.dll
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\aepic.dll
2019-08-10 15:04:37 ----A---- C:\WINDOWS\system32\aeinv.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\SYSWOW64\ncryptprov.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\system32\sppwinob.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\system32\pkeyhelper.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-10 15:04:36 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-10 15:04:36 ----A---- C:\WINDOWS\system32\appraiser.dll
2019-08-10 15:04:35 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2019-08-10 15:04:35 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2019-08-10 15:04:35 ----A---- C:\WINDOWS\system32\twinui.dll
2019-08-10 15:04:35 ----A---- C:\WINDOWS\system32\sppobjs.dll
2019-08-10 15:04:35 ----A---- C:\WINDOWS\system32\policymanager.dll
2019-08-10 15:04:35 ----A---- C:\WINDOWS\system32\ncryptprov.dll
2019-08-10 15:04:34 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2019-08-10 15:04:34 ----A---- C:\WINDOWS\system32\shell32.dll
2019-08-10 15:04:34 ----A---- C:\WINDOWS\system32\aitstatic.exe
2019-08-10 15:04:34 ----A---- C:\WINDOWS\explorer.exe
2019-08-10 15:04:33 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-10 15:04:33 ----A---- C:\WINDOWS\system32\audiosrv.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\SYSWOW64\AppxPackaging.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\SYSWOW64\AppxAllUserStore.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\system32\TDLMigration.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\system32\InputLocaleManager.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2019-08-10 15:04:32 ----A---- C:\WINDOWS\system32\dssvc.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\system32\wlanmsm.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\system32\rmclient.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\system32\InputService.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\system32\AppxPackaging.dll
2019-08-10 15:04:31 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-08-10 15:04:30 ----A---- C:\WINDOWS\system32\wlansvc.dll
2019-08-10 15:04:30 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-08-10 15:04:30 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-10 15:04:30 ----A---- C:\WINDOWS\system32\dwmcore.dll
2019-08-10 15:04:30 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2019-08-10 15:04:30 ----A---- C:\WINDOWS\system32\AppxAllUserStore.dll
2019-08-10 15:04:29 ----A---- C:\WINDOWS\system32\edgehtml.dll
2019-08-10 15:04:28 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2019-08-10 15:04:28 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2019-08-10 15:04:28 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2019-08-10 15:04:28 ----A---- C:\WINDOWS\system32\rdpcore.dll
2019-08-10 15:04:28 ----A---- C:\WINDOWS\system32\hvsirpcd.exe
2019-08-10 15:04:27 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2019-08-10 15:04:27 ----A---- C:\WINDOWS\system32\mstscax.dll
2019-08-10 15:04:27 ----A---- C:\WINDOWS\system32\mshtml.dll
2019-08-10 15:04:27 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2019-08-10 15:04:27 ----A---- C:\WINDOWS\system32\dnsapi.dll
2019-08-10 15:04:25 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\SYSWOW64\AppVEntSubsystems32.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\vmcompute.exe
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\vmcompute.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\TransportDSA.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\HvsiSettingsProvider.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\hvsicontainerservice.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\AppVReporting.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\AppVPublishing.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\AppVOrchestration.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\AppVIntegration.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-08-10 15:04:23 ----A---- C:\WINDOWS\system32\AppVCatalog.dll
2019-08-10 15:04:22 ----A---- C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-10 15:04:21 ----A---- C:\WINDOWS\SYSWOW64\DWrite.dll
2019-08-10 15:04:21 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2019-08-10 15:04:21 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2019-08-10 15:04:21 ----A---- C:\WINDOWS\system32\FntCache.dll
2019-08-10 15:04:21 ----A---- C:\WINDOWS\system32\DWrite.dll
2019-08-10 15:04:21 ----A---- C:\WINDOWS\system32\combase.dll
2019-08-10 15:04:20 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2019-08-10 15:04:19 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2019-08-10 15:04:18 ----A---- C:\WINDOWS\system32\securekernel.exe
2019-08-10 15:04:18 ----A---- C:\WINDOWS\system32\rdpudd.dll
2019-08-10 15:04:18 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2019-08-10 15:04:18 ----A---- C:\WINDOWS\system32\drivers\appid.sys
2019-08-10 15:04:17 ----A---- C:\WINDOWS\system32\windows.storage.dll
2019-08-10 15:04:17 ----A---- C:\WINDOWS\system32\QuietHours.dll
2019-08-10 15:04:16 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2019-08-10 15:04:16 ----A---- C:\WINDOWS\system32\Chakra.dll
2019-08-10 15:04:15 ----A---- C:\WINDOWS\system32\wpx.dll
2019-08-10 15:04:15 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-10 15:04:15 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-08-10 15:04:15 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2019-08-10 15:04:15 ----A---- C:\WINDOWS\system32\StartTileData.dll
2019-08-10 15:04:15 ----A---- C:\WINDOWS\system32\NotificationController.dll
2019-08-10 15:04:14 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2019-08-10 15:04:14 ----A---- C:\WINDOWS\system32\ieframe.dll
2019-08-10 15:04:13 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2019-08-10 15:04:13 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2019-08-10 15:04:13 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2019-08-10 15:04:13 ----A---- C:\WINDOWS\system32\win32kfull.sys
2019-08-10 15:04:13 ----A---- C:\WINDOWS\system32\skci.dll
2019-08-10 15:04:13 ----A---- C:\WINDOWS\system32\ci.dll
2019-08-10 15:04:12 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2019-08-10 15:04:12 ----A---- C:\WINDOWS\system32\sppcext.dll
2019-08-10 15:04:12 ----A---- C:\WINDOWS\system32\SharedRealitySvc.dll
2019-08-10 15:04:12 ----A---- C:\WINDOWS\system32\phoneactivate.exe
2019-08-10 15:04:12 ----A---- C:\WINDOWS\system32\nettrace.dll
2019-08-10 15:04:12 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2019-08-10 15:04:12 ----A---- C:\WINDOWS\system32\jscript9.dll
2019-08-10 15:04:12 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2019-08-10 15:04:11 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2019-08-10 15:04:11 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2019-08-10 15:04:11 ----A---- C:\WINDOWS\system32\iertutil.dll
2019-08-10 15:04:11 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2019-08-10 15:04:11 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2019-08-10 15:04:11 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-10 15:04:11 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-10 15:04:10 ----A---- C:\WINDOWS\SYSWOW64\tdh.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\SYSWOW64\sppcext.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\SYSWOW64\nshwfp.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\wuaueng.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\win32kbase.sys
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\vmwp.exe
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\tdh.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\sppcommdlg.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\slui.exe
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\nshwfp.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\KernelBase.dll
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\hvix64.exe
2019-08-10 15:04:10 ----A---- C:\WINDOWS\system32\drivers\vpcivsp.sys
2019-08-10 15:04:09 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeManagerObj.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\wc_storage.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\rpcss.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\ole32.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\hvax64.exe
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\gdi32full.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\bcrypt.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-10 15:04:09 ----A---- C:\WINDOWS\system32\acmigration.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\system32\winload.exe
2019-08-10 15:04:08 ----A---- C:\WINDOWS\system32\wer.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2019-08-10 15:04:08 ----A---- C:\WINDOWS\system32\lsasrv.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2019-08-10 15:04:08 ----A---- C:\WINDOWS\system32\daxexec.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2019-08-10 15:04:08 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2019-08-10 15:04:07 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\system32\winresume.exe
2019-08-10 15:04:07 ----A---- C:\WINDOWS\system32\vbscript.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\system32\msvproc.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\system32\hal.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2019-08-10 15:04:07 ----A---- C:\WINDOWS\system32\edgeIso.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-10 15:04:07 ----A---- C:\WINDOWS\system32\AcGenral.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\SYSWOW64\wermgr.exe
2019-08-10 15:04:06 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\SYSWOW64\Unistore.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2019-08-10 15:04:06 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\SYSWOW64\dmenrollengine.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\wermgr.exe
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\Unistore.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\rdpclip.exe
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\offreg.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\nltest.exe
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\hvloader.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\efscore.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\drivers\mssecflt.sys
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\dmenrollengine.dll
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2019-08-10 15:04:06 ----A---- C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\SYSWOW64\wlanapi.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\SYSWOW64\TokenBrokerUI.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\SYSWOW64\profext.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\SYSWOW64\InputSwitch.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\SYSWOW64\dmvdsitf.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\WSReset.exe
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\wlanapi.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\wkssvc.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\vdsbas.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\TpmTasks.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\TokenBrokerUI.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\rastls.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\profext.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\LicensingUI.exe
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\KdsCli.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\kdnet.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\InputSwitch.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\changepk.exe
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\drivers\PEAuth.sys
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\drivers\dumpfve.sys
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\dmvdsitf.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-08-10 15:04:05 ----A---- C:\WINDOWS\system32\bcdedit.exe
2019-08-10 15:04:05 ----A---- C:\WINDOWS\splwow64.exe
2019-08-10 15:04:04 ----A---- C:\WINDOWS\SYSWOW64\enrollmentapi.dll
2019-08-10 15:04:04 ----A---- C:\WINDOWS\system32\RjvMDMConfig.dll
2019-08-10 15:04:04 ----A---- C:\WINDOWS\system32\mdmmigrator.dll
2019-08-10 15:04:04 ----A---- C:\WINDOWS\system32\MDMAgent.exe
2019-08-10 15:04:04 ----A---- C:\WINDOWS\system32\iphlpsvc.dll
2019-08-10 15:04:04 ----A---- C:\WINDOWS\system32\enrollmentapi.dll
2019-07-13 05:24:28 ----D---- C:\AdwCleaner
2019-07-06 23:30:16 ----D---- C:\Users\T450\AppData\Roaming\SUPERAntiSpyware.com
2019-07-06 23:29:56 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2019-06-29 10:27:46 ----D---- C:\Users\T450\AppData\Roaming\Panda Security
2019-06-29 10:26:12 ----D---- C:\Program Files (x86)\Panda Security
2019-06-29 10:21:46 ----D---- C:\ProgramData\Panda Security
2019-06-28 18:13:06 ----D---- C:\ProgramData\Spyware Terminator
2019-06-28 18:08:23 ----D---- C:\Program Files (x86)\Spyware Terminator
2019-06-25 18:39:39 ----A---- C:\WINDOWS\system32\bootdelete.exe
2019-06-25 18:33:10 ----A---- C:\WINDOWS\system32\drivers\hitmanpro37.sys
2019-06-25 18:32:52 ----D---- C:\ProgramData\HitmanPro
2019-06-19 13:24:43 ----D---- C:\Program Files\UNP
2019-06-14 10:20:59 ----A---- C:\WINDOWS\system32\drivers\MbamElam.sys
2019-06-12 15:09:43 ----A---- C:\WINDOWS\SYSWOW64\WMVCORE.DLL
2019-06-12 15:09:43 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 15:09:43 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2019-06-12 15:09:43 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2019-06-12 15:09:43 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 15:09:43 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 15:09:42 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2019-06-12 15:09:42 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2019-06-12 15:09:42 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2019-06-12 15:09:42 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2019-06-12 15:09:42 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2019-06-12 15:09:42 ----A---- C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 15:09:42 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 15:09:42 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 15:09:41 ----A---- C:\WINDOWS\SYSWOW64\TSWorkspace.dll
2019-06-12 15:09:41 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2019-06-12 15:09:41 ----A---- C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-12 15:09:41 ----A---- C:\WINDOWS\system32\urlmon.dll
2019-06-12 15:09:41 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 15:09:41 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2019-06-12 15:09:41 ----A---- C:\WINDOWS\system32\AudioEng.dll
2019-06-12 15:09:40 ----A---- C:\WINDOWS\system32\TSWorkspace.dll
2019-06-12 15:09:39 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2019-06-12 15:09:39 ----A---- C:\WINDOWS\system32\drivers\stornvme.sys
2019-06-12 15:09:39 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2019-06-12 15:09:39 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2019-06-12 15:09:39 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2019-06-12 15:09:38 ----A---- C:\WINDOWS\system32\msfeeds.dll
2019-06-12 15:09:37 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2019-06-12 15:09:37 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2019-06-12 15:09:37 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2019-06-12 15:09:37 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-12 15:09:37 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 15:09:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2019-06-12 15:09:36 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2019-06-12 15:09:36 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2019-06-12 15:09:36 ----A---- C:\WINDOWS\system32\wuuhext.dll
2019-06-12 15:09:36 ----A---- C:\WINDOWS\system32\SIHClient.exe
2019-06-12 15:09:36 ----A---- C:\WINDOWS\system32\msv1_0.dll
2019-06-12 15:09:36 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2019-06-12 15:09:36 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 15:09:36 ----A---- C:\WINDOWS\system32\audiodg.exe
2019-06-12 15:09:36 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 15:09:35 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2019-06-12 15:09:35 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2019-06-12 15:09:35 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2019-06-12 15:09:35 ----A---- C:\WINDOWS\SYSWOW64\credprovhost.dll
2019-06-12 15:09:35 ----A---- C:\WINDOWS\system32\drivers\Wnv.sys
2019-06-12 15:09:35 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2019-06-12 15:09:34 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2019-06-12 15:09:34 ----A---- C:\WINDOWS\system32\ieproxy.dll
2019-06-12 15:09:33 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 15:09:32 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2019-06-12 15:09:32 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2019-06-12 15:09:32 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-12 15:09:32 ----A---- C:\WINDOWS\system32\mf.dll
2019-06-12 15:09:32 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2019-06-12 15:09:32 ----A---- C:\WINDOWS\system32\CPFilters.dll
2019-06-12 15:09:31 ----A---- C:\WINDOWS\system32\schannel.dll
2019-06-12 15:09:31 ----A---- C:\WINDOWS\system32\kerberos.dll
2019-06-12 15:09:31 ----A---- C:\WINDOWS\system32\esent.dll
2019-06-12 15:09:31 ----A---- C:\WINDOWS\system32\AudioSes.dll
2019-06-12 15:09:30 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 15:09:29 ----A---- C:\WINDOWS\system32\WWAHost.exe
2019-06-12 15:09:29 ----A---- C:\WINDOWS\system32\msxml6.dll
2019-06-12 15:09:29 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2019-06-12 15:09:28 ----A---- C:\WINDOWS\system32\msi.dll
2019-06-12 15:09:28 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2019-06-12 15:09:28 ----A---- C:\WINDOWS\system32\credprovhost.dll
2019-06-12 15:09:27 ----A---- C:\WINDOWS\system32\wininet.dll
2019-06-12 15:09:27 ----A---- C:\WINDOWS\system32\drivers\WdiWiFi.sys
2019-06-12 15:09:25 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-12 15:09:24 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2019-06-12 15:09:24 ----A---- C:\WINDOWS\system32\mfcore.dll
2019-06-12 15:09:23 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2019-06-12 15:09:23 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2019-06-12 15:09:23 ----A---- C:\WINDOWS\system32\mfps.dll
2019-06-12 15:09:22 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2019-06-12 15:09:19 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2019-06-12 15:09:19 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2019-06-12 15:09:19 ----A---- C:\WINDOWS\system32\wpncore.dll
2019-06-12 15:09:19 ----A---- C:\WINDOWS\system32\wpnapps.dll
2019-06-12 15:09:19 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-12 15:09:19 ----A---- C:\WINDOWS\system32\diagtrack.dll
2019-06-12 15:09:19 ----A---- C:\WINDOWS\system32\cdp.dll
2019-06-12 15:09:18 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2019-06-12 15:09:18 ----A---- C:\WINDOWS\SYSWOW64\wpnapps.dll
2019-06-12 15:09:17 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2019-06-12 15:09:17 ----A---- C:\WINDOWS\system32\StorSvc.dll
2019-06-12 15:09:16 ----A---- C:\WINDOWS\system32\wuapi.dll
2019-06-12 15:09:16 ----A---- C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 15:09:16 ----A---- C:\WINDOWS\system32\localspl.dll
2019-06-12 15:09:15 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2019-06-12 15:09:14 ----A---- C:\WINDOWS\system32\usoapi.dll
2019-06-12 15:09:14 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2019-06-12 15:09:14 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 15:09:14 ----A---- C:\WINDOWS\system32\updatecsp.dll
2019-06-12 15:09:14 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-12 15:09:14 ----A---- C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 15:09:14 ----A---- C:\WINDOWS\system32\browserbroker.dll
2019-06-12 15:09:13 ----A---- C:\WINDOWS\system32\usocore.dll
2019-06-12 15:09:13 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 15:09:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2019-06-12 15:09:07 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2019-06-12 15:09:07 ----A---- C:\WINDOWS\SYSWOW64\msrd3x40.dll
2019-06-12 15:09:07 ----A---- C:\WINDOWS\SYSWOW64\msjet40.dll
2019-06-12 15:09:07 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2019-06-12 15:09:07 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2019-06-12 15:09:07 ----A---- C:\WINDOWS\system32\ntdll.dll
2019-06-12 15:09:07 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-12 15:09:07 ----A---- C:\WINDOWS\system32\InstallService.dll
2019-06-12 15:09:07 ----A---- C:\WINDOWS\system32\hvsirdpclient.exe
2019-06-12 15:09:07 ----A---- C:\WINDOWS\system32\hvsimgr.exe
2019-06-12 15:09:07 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 15:09:06 ----A---- C:\WINDOWS\SYSWOW64\msexcl40.dll
2019-06-12 15:09:06 ----A---- C:\WINDOWS\SYSWOW64\esent.dll
2019-06-12 15:09:06 ----A---- C:\WINDOWS\system32\schedsvc.dll
2019-06-12 15:09:06 ----A---- C:\WINDOWS\system32\PeerDistSvc.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\SYSWOW64\userenv.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\SYSWOW64\PeerDistSh.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\SYSWOW64\mf3216.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\system32\usermgr.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\system32\userenv.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\system32\taskcomp.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\system32\srvsvc.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\system32\PeerDistSh.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\system32\PeerDistCleaner.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\system32\PeerDistCacheProvider.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\system32\mf3216.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 15:09:05 ----A---- C:\WINDOWS\system32\dot3gpui.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\SYSWOW64\wups.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\SYSWOW64\wevtapi.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\SYSWOW64\usoapi.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\SYSWOW64\taskcomp.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\SYSWOW64\PeerDist.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\SYSWOW64\msltus40.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\SYSWOW64\KerbClientShared.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\SYSWOW64\esentutl.exe
2019-06-12 15:09:04 ----A---- C:\WINDOWS\SYSWOW64\dot3gpui.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\wups2.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\wups.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\wevtapi.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\wdigest.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\UsoClient.exe
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\tzres.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\storewuauth.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\sscore.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\pku2u.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\PeerDist.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\esentutl.exe
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\DuCsps.dll
2019-06-12 15:09:04 ----A---- C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 08:56:18 ----D---- C:\ProgramData\Caphyon
2019-06-12 08:21:29 ----A---- C:\WINDOWS\system32\drivers\scdemu.sys
2019-06-12 08:21:28 ----D---- C:\Program Files\PowerISO
2019-06-11 09:26:36 ----D---- C:\Program Files (x86)\EAC MW klient

======List of files/folders modified in the last 2 months======

2019-08-10 19:40:42 ----D---- C:\WINDOWS\Temp
2019-08-10 19:38:00 ----D---- C:\WINDOWS\Prefetch
2019-08-10 19:28:00 ----D---- C:\WINDOWS\system32\sru
2019-08-10 19:26:53 ----RD---- C:\Program Files
2019-08-10 19:26:16 ----D---- C:\Windows
2019-08-10 19:25:39 ----DC---- C:\Users\T450\AppData\Roaming\vlc
2019-08-10 19:23:22 ----SHD---- C:\System Volume Information
2019-08-10 19:18:13 ----DC---- C:\Users\T450\AppData\Roaming\gtk-2.0
2019-08-10 19:09:20 ----D---- C:\WINDOWS\system32\SleepStudy
2019-08-10 18:26:12 ----D---- C:\WINDOWS\system32\Tasks
2019-08-10 18:25:59 ----D---- C:\WINDOWS\AutoKMS
2019-08-10 17:51:21 ----D---- C:\WINDOWS\Tasks
2019-08-10 16:30:39 ----D---- C:\WINDOWS\System32
2019-08-10 16:30:39 ----D---- C:\WINDOWS\INF
2019-08-10 16:30:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-10 16:25:38 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-08-10 16:25:30 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-08-10 16:24:37 ----D---- C:\WINDOWS\SYSWOW64\Lenovo
2019-08-10 16:24:36 ----D---- C:\Program Files\Lenovo
2019-08-10 16:24:35 ----D---- C:\Program Files (x86)\Lenovo
2019-08-10 16:09:27 ----D---- C:\WINDOWS\system32\drivers
2019-08-10 15:34:11 ----D---- C:\WINDOWS\system32\catroot2
2019-08-10 15:16:59 ----D---- C:\WINDOWS\system32\config
2019-08-10 15:15:29 ----RD---- C:\WINDOWS\Microsoft.NET
2019-08-10 15:13:13 ----D---- C:\WINDOWS\AppReadiness
2019-08-10 15:12:55 ----D---- C:\WINDOWS\WinSxS
2019-08-10 15:12:44 ----D---- C:\WINDOWS\system32\DriverStore
2019-08-10 15:11:54 ----D---- C:\WINDOWS\TextInput
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\oobe
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\en-US
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\Dism
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2019-08-10 15:11:54 ----D---- C:\WINDOWS\SysWOW64
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\zu-ZA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\yo-NG
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\xh-ZA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\wo-SN
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\tn-ZA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\ti-ET
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\rw-RW
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\oobe
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\nso-ZA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\migration
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\ig-NG
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\chr-CHER-US
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\en-US
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\Dism
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\Boot
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2019-08-10 15:11:54 ----D---- C:\WINDOWS\system32\appraiser
2019-08-10 15:11:54 ----D---- C:\WINDOWS\ShellComponents
2019-08-10 15:11:54 ----D---- C:\WINDOWS\Provisioning
2019-08-10 15:11:53 ----D---- C:\WINDOWS\bcastdvr
2019-08-10 15:11:53 ----D---- C:\WINDOWS\apppatch
2019-08-10 15:11:53 ----D---- C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-10 15:11:32 ----D---- C:\WINDOWS\system32\MRT
2019-08-10 15:09:07 ----AC---- C:\WINDOWS\system32\MRT.exe
2019-08-10 15:07:08 ----D---- C:\WINDOWS\CbsTemp
2019-08-10 13:13:52 ----D---- C:\WINDOWS\Logs
2019-08-10 13:10:37 ----SHD---- C:\WINDOWS\Installer
2019-08-10 12:48:47 ----D---- C:\WINDOWS\system32\drivers\wd
2019-07-22 18:59:53 ----SD---- C:\ProgramData\Microsoft
2019-07-14 08:36:42 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2019-07-13 07:18:23 ----DC---- C:\Users\T450\AppData\Roaming\Apple Computer
2019-07-10 21:44:19 ----D---- C:\ProgramData\boost_interprocess
2019-07-09 12:14:31 ----D---- C:\WINDOWS\system32\Macromed
2019-07-09 12:14:30 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2019-07-08 19:06:47 ----D---- C:\Program Files\Common Files\Apple
2019-07-06 23:30:16 ----HD---- C:\ProgramData
2019-06-29 18:26:29 ----RSD---- C:\WINDOWS\Fonts
2019-06-29 13:59:25 ----D---- C:\WINDOWS\system32\drivers\etc
2019-06-29 13:50:40 ----HD---- C:\Program Files\WindowsApps
2019-06-29 11:05:46 ----D---- C:\WINDOWS\SYSWOW64\drivers
2019-06-29 10:27:53 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2019-06-29 10:27:53 ----D---- C:\WINDOWS\system32\GroupPolicy
2019-06-29 10:26:12 ----RD---- C:\Program Files (x86)
2019-06-28 09:08:54 ----D---- C:\ProgramData\Packages
2019-06-26 09:22:17 ----HD---- C:\WINDOWS\ELAMBKUP
2019-06-22 20:16:19 ----D---- C:\Program Files\rempl
2019-06-14 10:20:42 ----D---- C:\ProgramData\Malwarebytes
2019-06-12 19:04:35 ----D---- C:\WINDOWS\SYSWOW64\sk-SK
2019-06-12 19:04:34 ----D---- C:\WINDOWS\system32\wbem
2019-06-12 19:04:34 ----D---- C:\WINDOWS\system32\sk-SK
2019-06-12 19:04:34 ----D---- C:\WINDOWS\ShellExperiences
2019-06-12 19:04:34 ----D---- C:\WINDOWS\PolicyDefinitions
2019-06-12 19:04:34 ----D---- C:\Program Files\internet explorer
2019-06-12 19:04:34 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2016-06-16 1469944]
R0 IntelHSWPcc;IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [2015-06-09 88256]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2019-07-04 304144]
R0 PMDRVS;PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [2018-05-23 44232]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R1 hvsifltr;@%SystemRoot%\System32\drivers\hvsifltr.sys,-5000; C:\WINDOWS\System32\drivers\hvsifltr.sys [2018-11-09 52728]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2017-06-07 138296]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2019-03-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 e1dexpress;@oem18.inf,%e1dExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [2016-05-10 542672]
R3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-06-07 76304]
R3 hvsocketcontrol;hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [2018-09-23 26624]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\System32\drivers\ibmpmdrv.sys [2018-05-23 87760]
R3 ibtusb;@oem52.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2018-05-16 136728]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2018-05-24 7972248]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2017-09-21 5954520]
R3 MEIx64;@oem19.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2016-04-04 195152]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [2018-06-30 8709656]
R3 RTSPER;@oem23.inf,%Rts5227PER%;Realtek PCIE Card Reader - PER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [2016-08-24 786688]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 MbamElam;MbamElam; C:\WINDOWS\system32\DRIVERS\MbamElam.sys [2019-02-01 20936]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 aftap0901;@oem82.inf,%DeviceDescription%;AnchorFree TAP-Windows Adapter V9; C:\WINDOWS\System32\drivers\aftap0901.sys [2017-11-16 48624]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2018-04-12 127384]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2019-03-14 164664]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2018-04-12 143768]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-01-09 92704]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2019-06-07 1102336]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2017-11-30 491048]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 Netaapl;@oem25.inf,%Netaapl.Service.DispName%;Apple Mobile Device Ethernet Service; C:\WINDOWS\System32\drivers\netaapl64.sys [2014-08-15 23040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 passthruparser;@%systemroot%\system32\drivers\passthruparser.sys,-10010; C:\WINDOWS\system32\drivers\passthruparser.sys [2018-09-23 24064]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 pvhdparser;@%systemroot%\system32\drivers\pvhdparser.sys,-10010; C:\WINDOWS\system32\drivers\pvhdparser.sys [2018-09-23 51712]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-03-06 945464]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2019-07-24 88136]
R2 AGMService;Adobe Genuine Monitor Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2019-07-04 3117648]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2019-07-04 2888272]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2019-03-08 96056]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CDPUserSvc_5d1bc;Connected Devices Platform User Service_5d1bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2018-06-25 641632]
R2 hvsics;@%SystemRoot%\system32\HvsiContainerService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 IBMPMSVC;@oem53.inf,%ibm.svcDesc0%;Lenovo PM Service; C:\WINDOWS\System32\ibmpmsvc.exe [2018-05-23 855968]
R2 ibtsiva;@oem52.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2018-05-24 373656]
R2 LPlatSvc;@oem53.inf,%Lenovo.svcDesc1%;Lenovo Platform Service; C:\WINDOWS\System32\LPlatSvc.exe [2018-05-23 774040]
R2 OneSyncSvc_5d1bc;Sync Host_5d1bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2018-06-25 156768]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2017-09-21 324576]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool; C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe [2009-10-23 320512]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2019-06-11 363016]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-05-20 43648]
R3 hns;@%systemroot%\system32\HostNetSvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 nvagent;@%systemroot%\system32\NvAgent.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-10 153168]
S2 Lenovo Instant On;Lenovo EasyResume Service; C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe []
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-07-09 335416]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService_5d1bc;GameDVR and Broadcast User Service_5d1bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService_5d1bc;Bluetooth User Support Service_5d1bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 CaptureService_5d1bc;CaptureService_5d1bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2018-05-24 502680]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicePickerUserSvc_5d1bc;DevicePicker_5d1bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc_5d1bc;DevicesFlow_5d1bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-05-03 90112]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 gcs;@%systemroot%\system32\vmcomputeagent.exe,-100; C:\WINDOWS\system32\vmcomputeagent.exe [2018-09-23 1292704]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\elevation_service.exe [2019-08-06 1096176]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-10 153168]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2019-03-24 658744]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2019-02-01 6562472]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService_5d1bc;MessagingService_5d1bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2019-04-09 238544]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PimIndexMaintenanceSvc_5d1bc;Contact Data_5d1bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc_5d1bc;PrintWorkflow_5d1bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2019-07-04 5073792]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2019-03-14 827704]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2018-06-25 265824]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118238
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: The destyy.com virus and insidious opening of windows

#3 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

- close all programs
- accept the license terms (EULA) by clicking I Agree
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
- click Scan Now, then Clean and Repair
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

element
Visitor
Posts: 18
Registered: 10 Aug 2019 18:20

Re: The destyy.com virus and insidious opening of windows

#4 Post by element »

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-10-2019
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Spirální stabilizace pátere - Na Úbocí 10, Praha 8, Czech Republic, 00420-284 810 231, spirstab@spirstab.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2295 octets] - [13/07/2019 05:26:21]
AdwCleaner[C00].txt - [2315 octets] - [13/07/2019 05:27:12]
AdwCleaner[S01].txt - [1478 octets] - [10/08/2019 14:15:56]
AdwCleaner[C01].txt - [1644 octets] - [10/08/2019 14:16:56]
AdwCleaner[S02].txt - [1911 octets] - [10/08/2019 16:24:04]
AdwCleaner[C02].txt - [2114 octets] - [10/08/2019 16:24:38]
AdwCleaner[S03].txt - [1798 octets] - [10/08/2019 20:06:24]
AdwCleaner[S04].txt - [1859 octets] - [10/08/2019 20:07:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########


:(

Rudy
Site Admin
Posts: 118238
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: The destyy.com virus and insidious opening of windows

#5 Post by Rudy »

Post new FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

element
Visitor
Posts: 18
Registered: 10 Aug 2019 18:20

Re: The destyy.com virus and insidious opening of windows

#6 Post by element »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019
Ran by T450 (administrator) on TOMAS (LENOVO 20BUS0X10N) (10-08-2019 21:30:40)
Running from C:\Users\T450\Desktop
Loaded Profiles: T450 (Available Profiles: T450)
Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: Angličtina (USA)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Disig a.s. -> Disig a.s.) C:\Program Files (x86)\Disig\Disig Web Signer 1.0.7\Updater\WebSignerTray.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\T450\AppData\Local\FluxSoftware\Flux\flux.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\tposd.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsimgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsirdpclient.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsirpcd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\vmwp.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Solid Documents, LLC) [File not signed] C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(troubadix) [File not signed] C:\Program Files\TPFanControl\TPFanControl.exe
Failed to access process -> vmmem

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [156672 2013-02-02] (troubadix) [File not signed]
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2019-04-18] (Power Software Limited -> Power Software Ltd)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Run: [f.lux] => C:\Users\T450\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.)
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-10] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-05-05] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Web Signer.lnk [2018-10-06]
ShortcutTarget: Web Signer.lnk -> C:\Program Files (x86)\Disig\Disig Web Signer 1.0.7\Updater\WebSignerTray.exe (Disig a.s. -> Disig a.s.)
BootExecute: autocheck autochk * bootdelete

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {081AD513-5918-4D9B-8FD5-283B6882A50A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {22265DBF-9DFB-4CF4-90E3-1764DC69A632} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
Task: {25C5D5BD-BF3D-4FA9-AD2A-DD1E6E25C7C5} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {46B3094D-8B02-4139-AD49-B1D80B8C787A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5E25BCEE-D4C2-4E61-8C48-ADBD7BA86A29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-10] (Google Inc -> Google Inc.)
Task: {6CE5E028-AA52-4146-A3B5-D97D270370F6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
Task: {8391F2FE-C99B-4410-BC71-39350BC53003} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {92296A20-0D36-4F43-A0F4-6BC7BED0E19A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AC061F61-8814-44EC-AA6B-1F28ED3FC67B} - System32\Tasks\AdobeGCInvoker-1.0-TOMAS-T450 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {ACB553D5-E46E-49DC-8B50-33CA4F026671} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {C3569B8E-EAF8-43D6-8D26-3017880ED25B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-10] (Google Inc -> Google Inc.)
Task: {C3AC5672-755E-4549-8A37-4D2B4A624F8C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-4265333793-1255850415-3889696489-1001 => C:\Users\T450\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
Task: {CCD47C80-EEC9-461F-9E98-BAF1A5F6EFC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CE6A628F-DAE7-4FFC-BF7C-4620BF8F654B} - System32\Tasks\Lenovo Power Management Driver PnP Task => C:\WINDOWS\System32\ibmpmsvc.exe [855968 2018-05-23] (Lenovo -> Lenovo.)
Task: {D049F954-0DC7-4C0B-95E6-1CE1B31C51B7} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe
Task: {E5FC72C6-53AE-4680-8D96-108E23CFEC56} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {E9982440-C006-48E5-9477-2EC8211DACF3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0017f890-ab82-4120-81c3-beb49c53563d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2d25847a-b084-4369-b68c-f81d00c7069c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2eb10214-7d35-4f37-addf-88e59d1b6b99}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]

FireFox:
========
FF DefaultProfile: qtkw9hyo.default
FF ProfilePath: C:\Users\T450\AppData\Roaming\Mozilla\Firefox\Profiles\qtkw9hyo.default [2019-08-10]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-16] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-16] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.sk/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://app.livechatoo.com/tomaskolen/operator/sk/chat"
CHR Profile: C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default [2019-08-10]
CHR DownloadDir: C:\Users\T450\Desktop
CHR Extension: (Dokumenty) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-10]
CHR Extension: (Disk Google) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-10]
CHR Extension: (Chrome IG Story) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2019-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-11]
CHR Extension: (Full Page Screen Capture) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2019-08-10]
CHR Extension: (Tabuľky) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-10]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (AdBlock) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-10]
CHR Extension: (Go Fucking Work) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\hibmkkpfegfiinilnlabbfnjcopdiiig [2018-08-17]
CHR Extension: (Linkclump) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2019-04-19]
CHR Extension: (Boomerang for Gmail) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2019-06-29]
CHR Extension: (Kontrola pošty Google) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2018-03-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-19]
CHR Extension: (Disig Web Signer 1.0.7) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\odbdbcaekkgabdfaabepfjgiooilmaoe [2018-11-14]
CHR Extension: (LinkMiner) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogdhdnpiclkaeicicamopfohidjokoom [2018-03-10]
CHR Extension: (Gmail) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-10]
CHR Profile: C:\Users\T450\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-06-13]
CHR Profile: C:\Users\T450\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-26]
CHR HKLM\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [odbdbcaekkgabdfaabepfjgiooilmaoe] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
S3 gcs; C:\WINDOWS\system32\vmcomputeagent.exe [1292704 2018-09-23] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
R2 hvsics; C:\WINDOWS\System32\hvsicontainerservice.dll [1073168 2019-07-04] (Microsoft Windows -> Microsoft Corporation)
R2 hvsics; C:\WINDOWS\SysWOW64\hvsicontainerservice.dll [22936 2018-05-20] (Microsoft Windows -> Microsoft Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [532968 2018-05-19] (Intel Corporation -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373656 2018-05-24] (Intel(R) pGFX -> Intel Corporation)
R2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [774040 2018-05-23] (Lenovo -> Lenovo.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265824 2018-06-25] (Intel Corporation -> )
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-09-23] (Microsoft Windows -> Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SCPDFReadSpool; C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe [320512 2009-10-23] (Solid Documents, LLC) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [277144 2018-11-19] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\TPHKLOAD.exe [422544 2018-07-18] (Lenovo -> Lenovo Group Limited)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-07-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848800 2018-06-25] (Intel Corporation -> Intel® Corporation)
S2 Lenovo Instant On; "C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe" [X]
S3 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R1 hvsifltr; C:\WINDOWS\System32\drivers\hvsifltr.sys [52728 2018-11-09] (Microsoft Windows -> Microsoft Corporation)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-09-23] (Microsoft Windows -> Microsoft Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136728 2018-05-16] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-09] (Intel(R) Software -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8709656 2018-06-30] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [44232 2018-05-23] (Lenovo -> Lenovo.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [786688 2016-08-24] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [54928 2018-11-19] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [757824 2016-12-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-09-12] (Microsoft Windows -> Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-09-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-08-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-08-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-10 21:30 - 2019-08-10 21:31 - 000031485 ____C C:\Users\T450\Desktop\FRST.txt
2019-08-10 21:30 - 2019-08-10 21:30 - 002097664 ____C (Farbar) C:\Users\T450\Desktop\FRST64.exe
2019-08-10 21:18 - 2019-07-29 10:54 - 000000000 ____D C:\Users\T450\Desktop\kabelky AGC00350A nahodit
2019-08-10 21:17 - 2019-08-10 21:17 - 000000000 ____D C:\Users\T450\Desktop\faktúry na úhradu
2019-08-10 21:17 - 2019-08-10 21:17 - 000000000 ____D C:\Users\T450\Desktop\2015 kufre
2019-08-10 21:17 - 2019-08-05 00:54 - 000000000 ____D C:\Users\T450\Desktop\2609 tiez
2019-08-10 21:17 - 2019-07-31 22:38 - 026020148 ____C C:\Users\T450\Desktop\zlavovy-kupon-pobalsa_upravene.pdf
2019-08-10 19:26 - 2019-08-10 19:40 - 000000000 ____D C:\Program Files\trend micro
2019-08-10 19:26 - 2019-08-10 19:27 - 000000000 ____D C:\rsit
2019-08-10 19:23 - 2019-08-10 21:30 - 000000000 ____D C:\FRST
2019-08-10 19:18 - 2019-08-10 19:18 - 000114842 ____C C:\Users\T450\.recently-used.xbel
2019-08-10 16:17 - 2019-08-10 16:17 - 000000762 ____C C:\Users\T450\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-08-10 16:14 - 2019-08-10 20:08 - 000003700 _____ C:\WINDOWS\System32\Tasks\Lenovo Power Management Driver PnP Task
2019-08-10 15:04 - 2019-07-04 11:45 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-10 15:04 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-08-10 15:04 - 2019-07-04 11:41 - 001073168 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvsicontainerservice.dll
2019-08-10 15:04 - 2019-07-04 11:41 - 000336936 _____ (Microsoft Corporation) C:\WINDOWS\system32\HvsiSettingsProvider.dll
2019-08-10 15:04 - 2019-07-04 11:41 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-10 15:04 - 2019-07-04 11:41 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvsirpcd.exe
2019-08-10 15:04 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-10 15:04 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-10 15:04 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-10 15:04 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-10 15:04 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-08-10 15:04 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-08-10 15:04 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-10 15:04 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-08-10 15:04 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-08-10 15:04 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-10 15:04 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-10 15:04 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-10 15:04 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-10 15:04 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-10 15:04 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-10 15:04 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-10 15:04 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-10 15:04 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-10 15:04 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-10 15:04 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-10 15:04 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-08-10 15:04 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-10 15:04 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-10 15:04 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-08-10 15:04 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-10 15:04 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-10 15:04 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-08-10 15:04 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-10 15:04 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-10 15:04 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-10 15:04 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-10 15:04 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-10 15:04 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-10 15:04 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-10 15:04 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-10 15:04 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-08-10 15:04 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-10 15:04 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-10 15:04 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-08-10 15:04 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-08-10 15:04 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-08-10 15:04 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-08-10 15:04 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-08-10 15:04 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-10 15:04 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-08-10 15:04 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-08-10 15:04 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-10 15:04 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-10 15:04 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-10 15:04 - 2019-07-04 06:27 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2019-08-10 15:04 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-10 15:04 - 2019-07-04 06:26 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2019-08-10 15:04 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-10 15:04 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-08-10 15:04 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-10 15:04 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-10 15:04 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-10 15:04 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-10 15:04 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-08-10 15:04 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-08-10 15:04 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-08-10 15:04 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-08-10 15:04 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-10 15:04 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-08-10 15:04 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-10 15:04 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-10 15:04 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-10 15:04 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-10 15:04 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-10 15:04 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-08-10 15:04 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-08-10 15:04 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-08-10 15:04 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-08-10 15:04 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-10 15:04 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-08-10 15:04 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-10 15:04 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-10 15:04 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-10 15:04 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-08-10 15:04 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-08-10 15:04 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-08-10 15:04 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-08-10 15:04 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-08-10 15:04 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-08-10 15:04 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-08-10 15:04 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-08-10 15:04 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-08-10 15:04 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-08-10 15:04 - 2019-06-13 13:43 - 001427984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-08-10 15:04 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-08-10 15:04 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-08-10 15:04 - 2019-06-13 13:42 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-08-10 15:04 - 2019-06-13 13:42 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-10 15:04 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-08-10 15:04 - 2019-06-13 13:41 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-08-10 15:04 - 2019-06-13 13:41 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-08-10 15:04 - 2019-06-13 13:41 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-08-10 15:04 - 2019-06-13 13:41 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-08-10 15:04 - 2019-06-13 13:40 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-10 15:04 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-08-10 15:04 - 2019-06-13 13:40 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-08-10 15:04 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-08-10 15:04 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-08-10 15:04 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-08-10 15:04 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-08-10 15:04 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-08-10 15:04 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-08-10 15:04 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-08-10 15:04 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-08-10 15:04 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-10 15:04 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-08-10 15:04 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-08-10 15:04 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-08-10 15:04 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-08-10 15:04 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-08-10 15:04 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-10 15:04 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-08-10 15:04 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-08-10 15:04 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-08-10 15:04 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-08-10 15:04 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-08-10 15:04 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-08-10 15:04 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-08-10 15:04 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-08-10 15:04 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-08-10 15:04 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-08-10 15:04 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-08-10 15:04 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-08-10 15:04 - 2019-06-13 12:11 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-08-10 15:04 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-08-10 15:04 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-08-10 15:04 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-08-10 15:04 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-08-10 15:04 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-08-10 15:04 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-10 15:04 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-08-10 15:04 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-08-10 15:04 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-08-10 15:04 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-08-10 15:04 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-08-10 15:04 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-08-10 15:04 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-08-10 15:04 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-08-10 15:04 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-08-10 15:04 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-08-10 15:04 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-08-10 15:04 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-08-10 15:04 - 2019-06-13 08:58 - 002300528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2019-08-10 15:04 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-10 15:04 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-08-10 15:04 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-08-10 15:04 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-08-10 15:04 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-10 15:04 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-08-10 15:04 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-08-10 15:04 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-10 15:04 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-10 15:04 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-08-10 15:04 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-08-10 15:04 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-08-10 15:04 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-10 15:04 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-08-10 15:04 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-08-10 15:04 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-08-10 15:04 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-08-10 15:04 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-08-10 15:04 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-08-10 15:04 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-08-10 15:04 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-08-10 15:04 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-08-10 15:04 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-08-10 15:04 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-10 15:04 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-10 15:04 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-08-10 15:04 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-10 15:04 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-08-10 15:04 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-08-10 15:04 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-08-10 15:04 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-10 15:04 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-10 15:04 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-08-10 15:04 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-08-10 15:04 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-08-10 15:04 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-08-10 15:04 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-10 15:04 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-10 15:04 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-10 15:04 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-08-10 15:04 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-08-10 15:04 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-08-10 15:04 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-08-10 15:04 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-08-10 15:04 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-08-10 15:04 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-10 15:04 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-08-10 15:04 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-08-10 15:04 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-08-10 15:04 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-10 15:04 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-10 15:04 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-08-10 15:04 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-08-10 15:04 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-08-10 15:04 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-08-10 15:04 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-10 15:04 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-08-10 15:04 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-23 11:58 - 2019-07-23 11:58 - 000000000 ____D C:\Users\T450\Desktop\585
2019-07-23 00:30 - 2019-07-23 00:30 - 000000000 ____D C:\Users\T450\Desktop\nahodit nove sady kufrov
2019-07-18 00:12 - 2019-07-18 11:56 - 000000513 ____C C:\Users\T450\Desktop\pridat okuliare.txt
2019-07-16 15:18 - 2019-07-16 15:18 - 000001190 ____C C:\Users\T450\Desktop\GIMP 2.lnk
2019-07-14 01:03 - 2019-07-15 21:24 - 000000191 ____C C:\Users\T450\Desktop\soferske pridat.txt
2019-07-13 05:24 - 2019-07-13 05:27 - 000000000 ____D C:\AdwCleaner

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-10 21:15 - 2018-05-19 15:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-10 20:13 - 2018-05-19 15:08 - 000838564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-10 20:13 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-10 20:09 - 2018-12-30 13:35 - 000000000 __RDC C:\Users\T450\iCloudDrive
2019-08-10 20:09 - 2018-09-23 14:10 - 000000828 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-08-10 20:09 - 2018-03-10 12:57 - 000000000 ___DC C:\Users\T450\AppData\Local\Packages
2019-08-10 20:08 - 2018-09-23 14:08 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2019-08-10 20:08 - 2018-05-19 15:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-10 20:08 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-10 20:08 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-08-10 20:08 - 2018-03-10 14:08 - 000000000 ____D C:\WINDOWS\AutoKMS
2019-08-10 20:08 - 2018-03-07 13:14 - 000000000 _SHDC C:\Users\T450\IntelGraphicsProfiles
2019-08-10 20:08 - 2018-03-07 13:13 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-08-10 20:06 - 2018-07-28 12:19 - 000000000 ___DC C:\Users\T450\AppData\Roaming\vlc
2019-08-10 19:30 - 2018-03-10 11:39 - 000000000 ___DC C:\Users\T450\AppData\Local\ClassicShell
2019-08-10 19:23 - 2018-03-10 12:18 - 000000000 ___DC C:\Users\T450\.gimp-2.6
2019-08-10 19:18 - 2018-05-19 15:03 - 000000000 ___DC C:\Users\T450
2019-08-10 19:18 - 2018-03-10 21:09 - 000000000 ___DC C:\Users\T450\AppData\Roaming\gtk-2.0
2019-08-10 16:24 - 2018-12-06 13:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Lenovo
2019-08-10 16:24 - 2018-03-07 13:57 - 000000000 ____D C:\Program Files\Lenovo
2019-08-10 16:24 - 2018-03-07 13:09 - 000000000 ____D C:\Program Files (x86)\Lenovo
2019-08-10 16:17 - 2019-06-25 09:13 - 000000000 ____D C:\Users\T450\AppData\Local\ESET
2019-08-10 15:13 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-10 15:12 - 2018-05-19 15:01 - 005107120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-10 15:11 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-10 15:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-10 15:11 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-08-10 15:11 - 2018-03-07 13:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-10 15:09 - 2018-03-07 13:46 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-10 15:07 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-10 13:52 - 2018-09-13 18:56 - 000000000 ___DC C:\Users\T450\AppData\Local\D3DSCache
2019-08-10 13:10 - 2018-05-19 15:08 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-08-10 12:49 - 2018-03-10 10:42 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-10 12:49 - 2018-03-10 10:42 - 000002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-10 12:48 - 2018-03-10 10:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-08-06 20:31 - 2019-04-28 00:48 - 000000280 ____C C:\Users\T450\Desktop\pridane produkty.txt
2019-07-18 12:28 - 2018-12-22 22:54 - 000000000 ____D C:\Users\T450\Documents\Bigasoft Total Video Converter
2019-07-18 11:20 - 2018-12-11 00:26 - 000000000 ____D C:\Users\T450\Desktop\Sablony
2019-07-15 21:26 - 2018-10-22 10:27 - 000001057 _____ C:\Users\T450\Desktop\Hlasky.txt
2019-07-14 08:36 - 2018-03-07 13:47 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-07-13 07:18 - 2018-12-30 13:35 - 000000000 ____D C:\Users\T450\Documents\Súbory Outlooku
2019-07-13 07:18 - 2018-04-01 19:02 - 000000000 ___DC C:\Users\T450\AppData\Roaming\Apple Computer
2019-07-11 09:06 - 2018-03-10 17:28 - 000000876 _____ C:\Users\T450\Desktop\bankove ucty.txt

==================== Files in the root of some directories ================

2018-09-23 14:42 - 2018-09-23 15:02 - 000001480 ____C () C:\Users\T450\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2018-09-28 10:36 - 2018-09-28 10:36 - 000000000 ____C () C:\Users\T450\AppData\Local\oobelibMkey.log

==================== SigCheckExt ================

2006-12-01 23:37 - 2006-12-01 23:37 - 000904704 _____ (Microsoft Corporation) C:\msdia80.dll
2018-09-23 13:59 - 1998-11-13 12:58 - 000307200 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUn0405.exe
2018-03-10 18:15 - 2012-06-14 18:18 - 000359936 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2018-03-10 18:15 - 2012-06-14 18:18 - 000039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2018-06-14 14:43 - 2011-12-07 19:37 - 000148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2018-06-15 15:00 - 2009-10-23 20:15 - 000024576 _____ C:\WINDOWS\system32\solidlocalmon.dll
2018-06-15 15:00 - 2009-10-23 20:15 - 000012800 _____ C:\WINDOWS\system32\solidlocalui.dll
2017-08-13 09:49 - 2017-08-13 09:49 - 000291128 _____ (IvoSoft) C:\WINDOWS\system32\StartMenuHelper64.dll
2018-06-14 14:43 - 2017-07-30 12:50 - 003799552 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll
2018-06-14 14:43 - 2018-01-28 11:00 - 000794112 _____ C:\WINDOWS\system32\xvidcore.dll
2018-06-14 14:43 - 2018-01-28 11:00 - 000311296 _____ C:\WINDOWS\system32\xvidvfw.dll
2018-03-10 18:16 - 2012-01-16 15:21 - 000103424 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_B9U.dll
2018-03-10 18:15 - 2012-06-14 18:18 - 000366592 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2018-06-14 14:43 - 2015-10-24 18:00 - 000112128 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
2018-06-14 14:43 - 2011-12-07 19:32 - 000216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll
2018-09-18 13:03 - 2008-07-03 14:27 - 000974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70.dll
2012-03-12 20:56 - 2012-03-12 20:56 - 000947472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjava.dll
2018-09-18 13:03 - 2008-07-03 14:27 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp70.dll
2018-09-18 13:03 - 2008-07-03 14:27 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr70.dll
2018-09-18 13:03 - 2003-05-21 13:50 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2017-08-13 09:49 - 2017-08-13 09:49 - 000248120 _____ (IvoSoft) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll
2018-06-14 14:43 - 2017-07-30 12:50 - 003850240 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll
2018-06-14 14:43 - 2018-01-28 11:00 - 000694784 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2018-06-14 14:43 - 2018-01-28 11:00 - 000284672 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2019-08-10 21:30 - 2019-08-10 21:30 - 002097664 ____C (Farbar) C:\Users\T450\Desktop\FRST64.exe

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {8ca84aec-5bb8-11e8-a211-fbe2293d3c75}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.exe
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {cc3d5f54-5b64-11e8-b6cc-d783a414fe6c}
displaymessageoverride Recovery
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {8ca84aec-5bb8-11e8-a211-fbe2293d3c75}
nx OptIn
bootmenupolicy Standard
hypervisorlaunchtype Auto

Windows Boot Loader
-------------------
identifier {cc3d5f54-5b64-11e8-b6cc-d783a414fe6c}
device ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{cc3d5f55-5b64-11e8-b6cc-d783a414fe6c}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{cc3d5f55-5b64-11e8-b6cc-d783a414fe6c}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {8ca84aec-5bb8-11e8-a211-fbe2293d3c75}
device partition=C:
path \WINDOWS\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {cc3d5f54-5b64-11e8-b6cc-d783a414fe6c}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {cc3d5f55-5b64-11e8-b6cc-d783a414fe6c}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume3
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ============================

element
Visitor
Posts: 18
Registered: 10 Aug 2019 18:20

Re: destyy.com virus and insidious opening of windows

#7 Post by element »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
Ran by T450 (10-08-2019 21:34:08)
Running from C:\Users\T450\Desktop
Windows 10 Pro Version 1803 17134.885 (X64) (2018-05-19 13:08:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4265333793-1255850415-3889696489-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4265333793-1255850415-3889696489-503 - Limited - Disabled)
Guest (S-1-5-21-4265333793-1255850415-3889696489-501 - Limited - Disabled)
T450 (S-1-5-21-4265333793-1255850415-3889696489-1001 - Administrator - Enabled) => C:\Users\T450
WDAGUtilityAccount (S-1-5-21-4265333793-1255850415-3889696489-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

adobe (HKLM\...\{C292D9FF-FE73-4A50-8FEB-3BE480A6DB27}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Balík softvéru eID (HKLM-x32\...\{45209058-df6b-4427-863f-d0ff890b829b}) (Version: 1.0.0.0 - Ministerstvo vnútra Slovenskej republiky) Hidden
Balík softvéru eID (HKLM-x32\...\{ea81dcd3-f9f3-4959-8bee-0349fc294ae5}) (Version: 1.0.0.0 - Ministerstvo vnútra Slovenskej republiky) Hidden
Bigasoft Total Video Converter 6.0.4.6443 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C6760}_is1) (Version: - Bigasoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.02 - Canon Inc.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Diablo II: Lord of Destruction CZ (HKLM-x32\...\Diablo II: Lord of Destruction CZ 1.13) (Version: 1.13 - Blizzard Entertainment)
Disig Web Signer 1.0.7 (HKLM-x32\...\{21859B7E-5E38-4892-A480-FA8B180ADE72}) (Version: 1.1.8 - Disig)
EAC MW klient (HKLM-x32\...\{07631776-6559-4A13-A997-48A437226978}) (Version: 3.2.0 - Ministerstvo vnútra Slovenskej republiky)
f.lux (HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\Flux) (Version: - f.lux Software LLC)
GIMP 2.6.12 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Gram Multitool 2 (HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\gmt2) (Version: 0.9.10 - Fagenorn)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{b23c55fa-5271-4d64-ba8f-6718be55b9a7}) (Version: 10.1.1.33 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{31a05164-f722-485c-90e3-db78421fa156}) (Version: 20.70.0 - Intel Corporation)
iTunes (HKLM\...\{6ECEEC92-3E86-407D-8DFD-03CE193D28AD}) (Version: 12.9.4.102 - Apple Inc.)
K-Lite Mega Codec Pack 14.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.2.0 - KLCP)
LibreOffice 5.4.5.1 (HKLM\...\{7E33997B-06D8-4637-8794-5A0049237308}) (Version: 5.4.5.1 - The Document Foundation)
Malwarebytes verzia 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x86 sk) (HKLM-x32\...\Mozilla Firefox 58.0.2 (x86 sk)) (Version: 58.0.2 - Mozilla)
Mozilla Firefox 66.0.3 (x64 sk) (HKLM\...\Mozilla Firefox 66.0.3 (x64 sk)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.4 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21290 - Realtek Semiconductor Corp.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 9.4 - Screaming Frog Ltd)
Skype verzia 8.45 (HKLM-x32\...\Skype_is1) (Version: 8.45 - Skype Technologies S.A.)
Solid Converter PDF (HKLM-x32\...\{56BFAA6E-2BCC-4AED-9233-84731E66B205}) (Version: 6.0.669.0 - SolidDocuments)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.0 - Safer Networking Limited)
TPFanControl v0.63 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version: - troubadix)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR archivátor (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-28] (Autodesk Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.575.0_x64__v10z8vjag6ke6 [2019-06-28] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.9.0_x64__8wekyb3d8bbwe [2018-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-09-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Pošta a kalendár -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-18] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers3: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-18] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-18] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-03-10 13:58 - 2010-03-15 11:28 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2018-06-15 15:00 - 2009-10-23 20:15 - 000024576 _____ () [File not signed] C:\WINDOWS\System32\solidlocalmon.dll
2018-03-10 18:16 - 2012-03-26 18:32 - 000312320 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_SKY.DLL
2018-03-10 18:15 - 2012-06-14 18:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2018-03-07 13:54 - 2005-03-30 13:11 - 000053248 _____ (EnTech Taiwan) [File not signed] C:\WINDOWS\system\TVicPort.dll
2017-08-13 09:49 - 2017-08-13 09:49 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2017-08-13 09:49 - 2017-08-13 09:49 - 000163640 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
2017-08-13 09:49 - 2017-08-13 09:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2009-10-23 20:14 - 2009-10-23 20:14 - 000320512 _____ (Solid Documents, LLC) [File not signed] c:\program files (x86)\soliddocuments\solid converter pdf\scpdfv6\solidconverterpdfservicex64.exe
2018-03-07 13:54 - 2013-02-02 18:08 - 000156672 _____ (troubadix) [File not signed] C:\Program Files\TPFanControl\TPFanControl.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hvsifltr => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> http://www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> http://www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> http://www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> http://www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> http://www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> http://www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> http://www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> http://www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> http://www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> http://www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> http://www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> http://www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> http://www.123simsen.com

There are 7943 more sites.

IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\008k.com -> http://www.008k.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\00hq.com -> http://www.00hq.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\0scan.com -> http://www.0scan.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\1-2005-search.com -> http://www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\1-domains-registrations.com -> http://www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\1000gratisproben.com -> http://www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\1001namen.com -> http://www.1001namen.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\100sexlinks.com -> http://www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\10sek.com -> http://www.10sek.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\123fporn.info -> http://www.123fporn.info
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\123haustiereundmehr.com -> http://www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\123moviedownload.com -> http://www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\123simsen.com -> http://www.123simsen.com

There are 7944 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 23:03 - 2019-08-10 15:51 - 000455142 ____C C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com
127.0.0.1 http://www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 http://www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 http://www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 http://www.100888290cs.com
127.0.0.1 http://www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 http://www.10sek.com
127.0.0.1 http://www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 http://www.123fporn.info
127.0.0.1 http://www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 http://www.123moviedownload.com

There are 15622 more lines.


2018-09-23 14:10 - 2019-08-10 20:09 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

172.20.215.28 59a565d3-b.mshome.net # 2019 8 6 17 18 9 2 171
172.20.215.17 Tom�m�745-9.mshome.net # 2019 8 6 17 12 18 7 83
172.20.215.17 Tom��om�ed-5.mshome.net # 2019 2 0 24 9 28 23 153
172.20.215.17 Tom�7980-7.mshome.net # 2018 12 5 21 0 57 1 732
172.20.215.17 Tom��7d6-5.mshome.net # 2018 12 6 8 9 57 32 467
172.20.215.17 Tom�d6-5.mshome.net # 2018 12 6 8 9 57 32 467
172.20.215.17 Tom��m�shome.net # 2018 9 0 30 12 10 39 568
172.20.215.17 Tom�

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: wuauserv => 3
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\StartupApproved\Run: => "ShowBatteryBar"
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4265333793-1255850415-3889696489-1001\...\StartupApproved\Run: => "AdobeBridge"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C6CF6168-66F7-42D1-B7BA-FDF5998A8771}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{947F7D4E-D179-4997-85E3-D424C4A37B6C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E4ACE103-79A8-4826-BA67-86A0B170024E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{404D1AFF-31A9-4965-A427-BB9AE4C474F8}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe No File
FirewallRules: [{D8A6AC64-080F-4CDB-8C6A-475C0BBDCF0D}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe No File
FirewallRules: [{ED5B4C74-7B73-4F7D-B085-B8024FC5E163}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1E42A009-3FCD-4857-A23D-0FC5C7E49E26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{467D9DE1-7709-4A8C-B79C-489B14858154}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{571592BE-A771-42BB-99C5-B62D4B72983B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{430CAE5E-AD53-410D-A49F-46311CD198F0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [DNS Server Forward Rule - TCP - 6b0ffb6b-283e-4eef-aaf3-e69655b18efe - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 6b0ffb6b-283e-4eef-aaf3-e69655b18efe - 0] => (Allow) LPort=53
FirewallRules: [{8DE89500-D444-403F-829A-409A0F9C72F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A083FC0-2B9B-492B-9F6A-E0E25E319AC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{77BB23E1-18A0-4E33-A840-FBCAAD8AF19B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4AB0171D-E6FB-471F-91A9-E4E4D24097BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FC3CD718-BA73-4A39-BDD3-3E16045FC078}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3C2F663C-8BE5-46D2-8146-CAED681481E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{159F83E9-45AD-49A0-B231-9D2EBE3F9072}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2948C516-D628-47F6-A74F-F172A93518BB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E163B44A-DDA7-48CE-B7F1-4C795DDDA522}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0FE64CC2-9A68-45EC-B13A-086242C4A6B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

21-07-2019 15:37:36 Scheduled Checkpoint
09-08-2019 22:36:02 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2019 08:09:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: iCloudPhotos.exe, verzia: 159.0.0.25, časová značka: 0x5b2e1ace
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.17134.799, časová značka: 0x636bcb43
Kód výnimky: 0xc0000374
Odstup chyby: 0x000d8519
Identifikácia chybujúceho procesu: 0x25b4
Čas spustenia chybujúcej aplikácie: 0x01d54fa6b18f8c84
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 38b4a2b8-8aa2-4791-bdaa-ce7673b1d8da
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (08/10/2019 04:26:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: iCloudPhotos.exe, verzia: 159.0.0.25, časová značka: 0x5b2e1ace
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.17134.799, časová značka: 0x636bcb43
Kód výnimky: 0xc0000374
Odstup chyby: 0x000d8519
Identifikácia chybujúceho procesu: 0x25a4
Čas spustenia chybujúcej aplikácie: 0x01d54f877fb23700
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 48bd2b9b-3e4c-4f0c-9f4c-6f4d498d696e
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (08/10/2019 04:15:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: iCloudPhotos.exe, verzia: 159.0.0.25, časová značka: 0x5b2e1ace
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.17134.799, časová značka: 0x636bcb43
Kód výnimky: 0xc0000374
Odstup chyby: 0x000d8519
Identifikácia chybujúceho procesu: 0x2410
Čas spustenia chybujúcej aplikácie: 0x01d54f86105ab00c
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 5a7fabc4-1d3e-472b-92a8-1fb5ca3a9f78
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (08/10/2019 04:10:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (08/10/2019 03:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: iCloudPhotos.exe, verzia: 159.0.0.25, časová značka: 0x5b2e1ace
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.17134.799, časová značka: 0x636bcb43
Kód výnimky: 0xc0000374
Odstup chyby: 0x000d8519
Identifikácia chybujúceho procesu: 0x25b4
Čas spustenia chybujúcej aplikácie: 0x01d54f823d501350
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 421c5665-e302-4cf9-aa28-9d01c52fe203
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (08/10/2019 03:44:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: iCloudPhotos.exe, verzia: 159.0.0.25, časová značka: 0x5b2e1ace
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.17134.799, časová značka: 0x636bcb43
Kód výnimky: 0xc0000374
Odstup chyby: 0x000d8519
Identifikácia chybujúceho procesu: 0x26d0
Čas spustenia chybujúcej aplikácie: 0x01d54f819d7b9f33
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: b948adab-fefd-42b8-a44c-12d76b5ed23b
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (08/10/2019 03:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: iCloudPhotos.exe, verzia: 159.0.0.25, časová značka: 0x5b2e1ace
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.17134.799, časová značka: 0x636bcb43
Kód výnimky: 0xc0000374
Odstup chyby: 0x000d8519
Identifikácia chybujúceho procesu: 0x2750
Čas spustenia chybujúcej aplikácie: 0x01d54f806b3366d6
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 3f8f9db7-c7ba-4629-a605-5536491c7b23
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (08/10/2019 03:14:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: iCloudPhotos.exe, verzia: 159.0.0.25, časová značka: 0x5b2e1ace
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.17134.799, časová značka: 0x636bcb43
Kód výnimky: 0xc0000374
Odstup chyby: 0x000d8519
Identifikácia chybujúceho procesu: 0xee8
Čas spustenia chybujúcej aplikácie: 0x01d54f7d64f883b0
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: f35b04d4-70e6-48ef-b0f1-12cc7898b708
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:


System errors:
=============
Error: (08/10/2019 09:08:15 PM) (Source: DCOM) (EventID: 10016) (User: TOMAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user TOMAS\T450 SID (S-1-5-21-4265333793-1255850415-3889696489-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (08/10/2019 08:35:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/10/2019 08:11:06 PM) (Source: DCOM) (EventID: 10016) (User: TOMAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user TOMAS\T450 SID (S-1-5-21-4265333793-1255850415-3889696489-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/10/2019 08:10:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/10/2019 08:10:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/10/2019 08:09:10 PM) (Source: DCOM) (EventID: 10016) (User: TOMAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user TOMAS\T450 SID (S-1-5-21-4265333793-1255850415-3889696489-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/10/2019 08:09:10 PM) (Source: DCOM) (EventID: 10016) (User: TOMAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user TOMAS\T450 SID (S-1-5-21-4265333793-1255850415-3889696489-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/10/2019 08:08:40 PM) (Source: Microsoft-Windows-Hyper-V-VmSwitch) (EventID: 32) (User: NT AUTHORITY)
Description: Failed to connect NIC 4B49AFDD-5E17-4575-92B6-F8ED5F2C6EAD--B19F91AC-90DE-486D-9325-BAAE2F7EBDCB (Friendly Name: ) to port e57392be-01bd-4050-9d33-bd7c19244e6c (Friendly Name: ) on switch 161df6ed-7ce7-450f-8ddb-4603ff64edfc (Friendly Name: ), status = 3221225524.


Windows Defender:
===================================
Date: 2019-08-10 14:30:27.545
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.299.1666.0, AS: 1.299.1666.0, NIS: 1.299.1666.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-10 14:30:27.001
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe; file:_C:\Users\T450\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware\Plumbytes Anti-Malware.lnk; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Plumbytes Anti-Malware; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plumbytes Anti-Malware 2018; runkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Plumbytes Anti-Malware; startup:_C:\Users\T450\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware\Plumbytes Anti-Malware.lnk; uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plumbytes Anti-Malware 2018
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\T450\AppData\Local\Temp\pai952A.tmp
Signature Version: AV: 1.299.1666.0, AS: 1.299.1666.0, NIS: 1.299.1666.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-10 14:30:11.296
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.299.1666.0, AS: 1.299.1666.0, NIS: 1.299.1666.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-10 14:30:10.575
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\T450\AppData\Local\Temp\pai952A.tmp
Signature Version: AV: 1.299.1666.0, AS: 1.299.1666.0, NIS: 1.299.1666.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-10 14:29:59.456
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\T450\AppData\Local\Temp\pai952A.tmp
Signature Version: AV: 1.299.1666.0, AS: 1.299.1666.0, NIS: 1.299.1666.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-10 20:18:42.658
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1666.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2019-08-09 22:34:45.254
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.175.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-08-09 22:34:45.253
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.175.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-08-09 22:34:45.253
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.175.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-08-09 22:34:45.241
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.175.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2019-08-10 21:23:39.829
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-08-10 21:23:39.826
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-08-10 21:10:50.006
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-08-10 21:10:50.004
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-08-10 20:50:59.735
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-08-10 20:50:59.734
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-08-10 20:25:55.576
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-08-10 20:25:55.573
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO JBET67WW (1.31 ) 12/14/2017
Motherboard: LENOVO 20BUS0X10N
Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 64%
Total physical RAM: 7888.21 MB
Available physical RAM: 2806.79 MB
Total Virtual: 10888.21 MB
Available Virtual: 2155.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.62 GB) (Free:42.83 GB) NTFS

\\?\Volume{7df8241c-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{7df8241c-0000-0000-0000-e0063a000000}\ () (Fixed) (Total:0.78 GB) (Free:0.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 7DF8241C)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=795 MB) - (Type=27)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118238
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: destyy.com virus and insidious window opening

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers3: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
C:\Program Files\Plumbytes Software
C:\Users\T450\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Plumbytes Anti-Malware
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plumbytes Anti-Malware 2018
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Plumbytes Anti-Malware
C:\Users\T450\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware\Plumbytes Anti-Malware.lnk
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plumbytes Anti-Malware 2018
C:\Program Files\Bonjour
Task: {5E25BCEE-D4C2-4E61-8C48-ADBD7BA86A29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-10] (Google Inc -> Google Inc.)
Task: {C3569B8E-EAF8-43D6-8D26-3017880ED25B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-10] (Google Inc -> Google Inc.)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Re: destyy.com virus and insidious window opening

#9 Post by element »

it still persists

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
Ran by T450 (10-08-2019 23:20:02) Run:1
Running from C:\Users\T450\Desktop
Loaded Profiles: T450 (Available Profiles: T450)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers3: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
C:\Program Files\Plumbytes Software
C:\Users\T450\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Plumbytes Anti-Malware
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plumbytes Anti-Malware 2018
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Plumbytes Anti-Malware
C:\Users\T450\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware\Plumbytes Anti-Malware.lnk
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plumbytes Anti-Malware 2018
C:\Program Files\Bonjour
Task: {5E25BCEE-D4C2-4E61-8C48-ADBD7BA86A29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-10] (Google Inc -> Google Inc.)
Task: {C3569B8E-EAF8-43D6-8D26-3017880ED25B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-10] (Google Inc -> Google Inc.)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\STShellMenu => removed successfully
HKLM\Software\Classes\CLSID\{F32C83B9-DF1D-42AD-9741-C52909703957} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\STShellMenu => removed successfully
HKLM\Software\Classes\CLSID\{F32C83B9-DF1D-42AD-9741-C52909703957} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\STShellMenu => removed successfully
HKLM\Software\Classes\CLSID\{F32C83B9-DF1D-42AD-9741-C52909703957} => not found
"C:\Program Files\Plumbytes Software" => not found
"C:\Users\T450\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware" => not found
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Plumbytes Anti-Malware => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plumbytes Anti-Malware 2018 => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Plumbytes Anti-Malware => Error: No automatic fix found for this entry.
"C:\Users\T450\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware\Plumbytes Anti-Malware.lnk" => not found
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plumbytes Anti-Malware 2018 => Error: No automatic fix found for this entry.
C:\Program Files\Bonjour => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E25BCEE-D4C2-4E61-8C48-ADBD7BA86A29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E25BCEE-D4C2-4E61-8C48-ADBD7BA86A29}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C3569B8E-EAF8-43D6-8D26-3017880ED25B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3569B8E-EAF8-43D6-8D26-3017880ED25B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 320455870 B
Java, Flash, Steam htmlcache => 549 B
Windows/system/drivers => 14587808 B
Edge => 1490227 B
Chrome => 419078018 B
Firefox => 1087356026 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14732 B
LocalService => 0 B
NetworkService => 706492 B
NetworkService => 0 B
T450 => 17573292 B

RecycleBin => 88235590 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:21:18 ====


Re: destyy.com virus and insidious window opening

#10 Post by Rudy »

OK. Let's clean the browsers. Run these utilities one after another:


1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After launch, the license terms are displayed; press any key
•A backup is created, followed by a search
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.


Re: destyy.com virus and insidious window opening

#11 Post by element »

the first one

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by T450 on ne 11. 08. 2019 at 11:24:44,62.
Microsoft Windows 10 Pro 10.0.17134 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\T450\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11. 8. 2019 11:26:36 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\DirectX deleted successfully
C:\PROGRA~2\Lenovo deleted successfully
C:\PROGRA~2\Panda Security deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\Lenovo deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\Skype deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\T450\AppData\Roaming\Panda Security deleted successfully
C:\Users\T450\AppData\Local\DBG deleted successfully
C:\Users\T450\AppData\Local\PeerDistRepub deleted successfully
C:\Users\T450\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4265333793-1255850415-3889696489-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\T450\AppData\Roaming\Mozilla\Firefox\Profiles\qtkw9hyo.default\prefs.js:

Added to C:\Users\T450\AppData\Roaming\Mozilla\Firefox\Profiles\qtkw9hyo.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\T450\AppData\Roaming\Mozilla\Firefox\Profiles\qtkw9hyo.default

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"sendToDevice
---- FireFox user.js and prefs.js backups ----

prefs_201911.08._1145_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\DirectX not found
C:\PROGRA~2\Lenovo not found
C:\PROGRA~2\Panda Security not found
C:\Users\T450\AppData\Local\Lenovo deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\T450\AppData\Local\oobelibMkey.log deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\WINDOWS\Syswow64\GroupPolicy\Machine deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted
"C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\oobelibMkey.log" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\T450\AppData\Roaming\Mozilla\Firefox\Profiles\qtkw9hyo.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\T450\AppData\Roaming\Mozilla\Firefox\Profiles\qtkw9hyo.default
- Avast Online Security - %ProfilePath%\extensions\wrc@avast.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\T450\AppData\Roaming\Mozilla\Firefox\Profiles\qtkw9hyo.default
- C:\Program Files x86\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - [?]
- C:\Program Files x86\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - [?]
180F93EA2B09DA6394258B86E5B49463 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
- C:\PROGRA1\MICROS1\Office14\NPAUTHZ.DLL - [?]


==== Chromium Look ======================

Google Chrome Version: 76.0.3809.100

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
fcbhdhpamoencpdogjnmnbjddipfkpad - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]
odbdbcaekkgabdfaabepfjgiooilmaoe - No path found[]

Chrome IG Story - T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf
Full Page Screen Capture - T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl
Fucking Work - T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\hibmkkpfegfiinilnlabbfnjcopdiiig
Linkclump - T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj
Boomerang for Gmail - T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll
WebSigner - T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\odbdbcaekkgabdfaabepfjgiooilmaoe
Chrome Media Router - T450\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\Guest Profile\Preferences was reset successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\Guest Profile\Secure Preferences was reset successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\System Profile\Preferences was reset successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\System Profile\Secure Preferences was reset successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\Guest Profile\Web Data was reset successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\System Profile\Web Data was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\T450\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\T450\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

C:\Users\T450\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\Guest Profile\Cache emptied successfully
C:\Users\T450\AppData\Local\Google\Chrome\User Data\System Profile\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=55 folders=63 143928703 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\T450\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\T450\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\oobelibMkey.log" not deleted

==== EOF on ne 11. 08. 2019 at 12:13:47,35 ======================


The second one:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by T450 (Administrator) on ne 11. 08. 2019 at 12:21:59,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\WINDOWS\system32\Tasks\Lenovo Power Management Driver PnP Task (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 11. 08. 2019 at 12:24:49,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


It still persists :(

Rudy
Site Admin
Posts: 118238
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: The destyy.com virus and insidious window opening

#12 Post by Rudy »

Run AVPTool (http://www.viry.cz/forum/viewtopic.php?f=29&t=58179). Download it, run it, let it work, and when it finishes, delete everything it finds.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

element
Visitor
Posts: 18
Registered: 10 Aug 2019 18:20

Re: The destyy.com virus and insidious window opening

#13 Post by element »

It found only a crack for Microsoft Office :(

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: The destyy.com virus and insidious window opening

#14 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    CMD: type "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-05-05] () [File not signed]
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

element
Visitor
Posts: 18
Registered: 10 Aug 2019 18:20

Re: The destyy.com virus and insidious window opening

#15 Post by element »

Well, it finally doesn't do it anymore :| :| :| :| :| :| :|

This is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
Ran by T450 (11-08-2019 15:02:31) Run:2
Running from C:\Users\T450\Desktop
Loaded Profiles: T450 (Available Profiles: T450)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

CMD: type "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-05-05] () [File not signed]

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= type "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat" =========

@echo off
TITLE Update check..
start "" http://evassmat.com/1tfn
start "" http://destyy.com/wMEmhE
========= End of CMD: =========

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19209331 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 46823 B
Edge => 0 B
Chrome => 311975428 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 3226 B
NetworkService => 0 B
T450 => 2876305 B

RecycleBin => 1588454390 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:03:08 ====

So it was that update.bat file?
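
The Fixlog above shows the persistence point was a batch file in the all-users Startup folder that simply `start`s two URLs. The following PowerShell check is an added example, not part of the thread or of FRST: it inspects both Startup folders and reports any script, `.url` file or shortcut that references a web address; the function name `Get-StartupUrlLauncher` and the extension list are assumptions chosen for illustration.

```powershell
# Added example: find Startup-folder items that open web addresses at logon.
function Get-StartupUrlLauncher {
    # All-users and current-user Startup folders
    $dirs = [Environment]::GetFolderPath('CommonStartup'),
            [Environment]::GetFolderPath('Startup')
    # Text-based file types that can launch a browser (assumed list, extend as needed)
    $textExt    = '.bat', '.cmd', '.vbs', '.js', '.ps1', '.url'
    $urlPattern = 'https?://[^\s"''<>]+'
    $shell      = New-Object -ComObject WScript.Shell

    foreach ($dir in $dirs) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $dir -File -Force) {
            $ext = $file.Extension.ToLowerInvariant()
            if ($ext -eq '.lnk') {
                # Shortcuts are binary: resolve the target and its arguments
                $lnk  = $shell.CreateShortcut($file.FullName)
                $text = "$($lnk.TargetPath) $($lnk.Arguments)"
            } elseif ($textExt -contains $ext) {
                $text = Get-Content -LiteralPath $file.FullName -Raw
            } else {
                continue   # desktop.ini and other non-launching files
            }

            $urls = @([regex]::Matches([string]$text, $urlPattern) |
                      ForEach-Object { $_.Value })
            [pscustomobject]@{
                File     = $file.FullName
                Modified = $file.LastWriteTime
                OpensUrl = ($urls.Count -gt 0)
                Urls     = $urls -join ', '
            }
        }
    }
}

# Items that reference a URL are listed first
Get-StartupUrlLauncher | Sort-Object OpensUrl -Descending | Format-List
```

An entry with `OpensUrl : True` is a lead to review, not a verdict: legitimate software also places shortcuts here, so compare the file's date and content before removing anything.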
