Prosím o kontrolu logu - ransomware
Napsal: 10 zář 2019 22:54
Zdravím. Prosím o kontrolu logu. Děkuji
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2019
Ran by San (administrator) on CUBE-PC (FUJITSU ESPRIMO P710) (10-09-2019 23:13:53)
Running from C:\Users\San\Desktop
Loaded Profiles: San & Administrator (Available Profiles: San & uce & Fil & Administrator)
Platform: Windows 10 Pro Version 1903 18362.295 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Conexant Systems, Inc.) [File not signed] C:\Windows\SysWOW64\SASrv.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\San\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe /t
HKLM-x32\...\Run: [Autodesk Desktop App] => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM-x32\...\Run: [NetLockMngr] => C:\Program Files (x86)\CIGLER SOFTWARE\NetLicence\CSW_NetSWKeyNTMngr.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\Run: [OneDrive] => "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #0] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #2] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #3] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #4] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #6] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #7] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #8] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #9] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #10] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #11] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #12] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #13] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #14] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #15] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #16] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #17] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #18] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #19] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #20] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #21] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #22] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #23] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #24] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\CSW_NetSWKeyNTService.exe: [{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}.sdb] -> MoneyNetLicenceServer
HKLM\Software\...\AppCompatFlags\InstalledSDB\{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}.sdb [2019-08-08]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] [2019-03-14]
ShortcutTarget: CodeMeter Control Center.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] [2019-03-14]
ShortcutTarget: Network Server.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (No File)
Startup: C:\Users\CUBE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3050 J610 series.lnk [2019-06-21]
ShortcutAndArgument: Sledovat výstrahy inkoustu - HP Deskjet 3050 J610 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3050 J610 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN0BT3J23D05HX;CONNECTION=USB;MONITOR=1;
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BD3F7EC-746F-4679-B151-B5DDA38AF21E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {13E44638-B65B-485E-A334-0F99B8E35391} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1554B6D6-4F59-4589-B024-85997C3BD1CC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2795FAA3-A685-489C-952F-19DDAE5B1DB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {27BDDA3C-92FA-454B-A3D5-7180344DD725} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {31CB4EC1-5F7B-434F-B4EF-21B972071907} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4B6D278D-E2BE-4105-9E15-053F0415EA84} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4F35F062-0BEF-46B2-8C08-502ADFFA5BE8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {53635FEE-72A1-4D40-A710-1A3F2D367B8D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {60033671-3BD1-45F2-A494-7F9DCFE938D3} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {60338C88-E0BB-4B33-9368-E02A57C33AE2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65146AC3-7EE7-4493-B1E7-0194C70B2766} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {6A71160F-5D66-4CE8-B3BC-F992B1B960F1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6C840FE9-48D8-4F1C-9F2D-7CFBC102F467} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {75DC0782-5965-4C1D-A572-074B8587FBEE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7768136D-67D5-458E-8EEF-2E766FDBE9B6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {7C8F47BE-1CD4-46BD-8989-DE49FFAEF08F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {948BE8AD-283F-4144-B764-6E637019F750} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9E3F82F8-EE0C-43D8-8958-617612E56E18} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {A2BB3567-FF27-4276-AA40-80A4AA3C2532} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {AE78C538-C46C-4F53-9428-659AF8F06E1E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B1A75382-47C2-4B0A-95BF-FCA843448D57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B23563E2-2859-4519-AA1B-8F5490717141} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BC5828A4-5980-4347-B572-E50928B917BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {CACF8A71-405F-4E8B-BF85-277EA8103FB2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D1B71BA6-DB0F-4AD7-B448-47A23052F7E7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D3DD69D1-6C43-4516-9F9D-7795FE557001} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {D498A999-DDA2-48D3-A1DF-FDBE0CD0AC66} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {D650D52F-83D2-4CB1-A3C0-976FD872C34E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D88B5B04-9086-4F7C-9747-2CD55B6C46A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DAF6CDF1-8732-451A-9087-423CC0420A8C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC3307DE-1E8A-45F3-A7D8-C2B402618321} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2165EA0-0F36-43D0-88A0-EBD6CE850302} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: {F45D6D0E-E098-43C5-852E-D38EAB605E56} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {FFAB13B4-34F3-409A-9970-989BAA503D74} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FFC16A88-04D8-4A03-BA98-0AC63FEE8590} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{90BF43E7-1BDA-4E13-AD28-CF68106B0C87}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9F17BAF9-6761-4F23-8137-48F5D7E2084D}: [NameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1836498613-3010024522-2400828536-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: PDF Architect 5 Helper -> {AEA429F3-D2D4-4BD7-A03E-5357DA017733} -> C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-helper.dll => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-plugin.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" No File
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [No File]
Chrome:
=======
CHR Profile: C:\Users\San\AppData\Local\Google\Chrome\User Data\Default [2019-08-14]
CHR Extension: (Prezentace) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-30]
CHR Extension: (Dokumenty) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-21]
CHR Extension: (Disk Google) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-21]
CHR Extension: (YouTube) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-21]
CHR Extension: (Adobe Acrobat) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-21]
CHR Extension: (Tabulky) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-06-21]
CHR Extension: (Gmail) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-21]
CHR Extension: (Chrome Media Router) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation - pGFX -> Intel Corporation)
R2 SAService; C:\WINDOWS\SysWOW64\SAsrv.exe [440320 2011-09-01] (Conexant Systems, Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5775208 2019-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AdAppMgrSvc; "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe" [X]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 Apple Mobile Device Service; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [X]
S3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [X]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 CmWebAdmin.exe; "C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe" [X]
S2 CodeMeter.exe; "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" [X]
S2 FlexNet License Manager; "C:\SEFlex\Program\lmgrd.exe" [X]
S3 FlexNet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe" [X]
S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [X]
S3 PDF Architect 5; "C:\Program Files\PDF Architect 5\ws.exe" [X]
S2 PDF Architect 5 Creator; "C:\Program Files\PDF Architect 5\creator\common\creator-ws.exe" [X]
S2 PDF Architect 5 Manager; "C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe" [X]
S2 SentinelKeysServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [X]
S2 SentinelProtectionServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" [X]
S2 SentinelSecurityRuntime; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe" [X]
S4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [X]
S4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]
S2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [X]
S2 SWLckServer; C:\Program Files (x86)\CIGLER SOFTWARE\NetLicence\CSW_NetSWKeyNTService.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [232448 2019-03-19] (Microsoft Corporation) [File not signed]
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [125952 2014-06-24] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S4 RsFx0201; C:\WINDOWS\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation -> Microsoft Corporation)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-31] (Microsoft Windows -> Microsoft Corporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [118200 2016-12-22] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-09-10 23:13 - 2019-09-10 23:15 - 000026372 _____ C:\Users\San\Desktop\FRST.txt
2019-09-10 23:12 - 2019-09-10 23:13 - 000000000 ____D C:\FRST
2019-09-10 23:12 - 2019-09-10 23:11 - 001614848 _____ (Farbar) C:\Users\San\Desktop\FRST64.exe
2019-09-10 23:12 - 2019-09-10 23:05 - 064333800 _____ (Malwarebytes ) C:\Users\San\Desktop\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270 (1).exe
2019-09-10 23:12 - 2019-07-09 03:57 - 000072856 _____ (Microsoft Corporation) C:\Users\San\Desktop\setup.exe
2019-09-10 23:04 - 2019-09-10 23:04 - 000000000 ____D C:\Users\San\AppData\Local\PeerDistRepub
2019-09-10 22:28 - 2019-08-14 17:20 - 000410814 __RSH C:\bootmgr
2019-09-10 22:28 - 2019-03-19 06:44 - 000000001 ___SH C:\BOOTNXT
2019-09-10 21:51 - 2019-09-10 21:51 - 000182072 _____ C:\WINDOWS\ntbtlog.txt
2019-09-10 21:29 - 2019-09-10 21:29 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-09-09 23:15 - 2019-09-09 23:15 - 000000000 ____D C:\EFI
2019-09-08 15:39 - 2019-09-08 15:39 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-09-08 11:02 - 2019-09-08 11:02 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka
2019-09-08 11:01 - 2019-09-08 11:01 - 000006803 _____ C:\info.hta
2019-09-08 11:01 - 2019-09-08 11:01 - 000000385 _____ C:\INFO.txt
2019-09-08 10:27 - 2019-09-07 10:26 - 001119232 _____ () C:\File Encryption.exe.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:27 - 2019-09-06 18:29 - 001117184 _____ () C:\EncryptionChecker.exe.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:27 - 2019-07-18 00:47 - 000128000 _____ C:\exploit.exe.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:24 - 2019-09-08 10:24 - 000000422 __RSH C:\ProgramData\ntuser.pol.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:17 - 2019-09-08 06:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
2019-09-02 19:39 - 2019-09-02 19:39 - 000000000 ____D C:\Users\Test\Desktop\kopie dokladu 2018
2019-08-21 22:16 - 2019-08-21 22:16 - 000000000 ____D C:\Users\Fil\AppData\LocalLow\Temp
2019-08-21 12:53 - 2019-08-21 12:53 - 000000000 ____D C:\Users\Fil\AppData\Roaming\HpUpdate
2019-08-16 10:02 - 2019-08-16 10:02 - 000000000 ____D C:\Users\Fil\Documents\PDF Architect
2019-08-16 10:02 - 2019-08-16 10:02 - 000000000 ____D C:\Users\Fil\AppData\Roaming\PDF Architect 5
2019-08-16 10:02 - 2019-08-16 10:02 - 000000000 ____D C:\Users\Fil\AppData\Local\PDFCreator
2019-08-15 12:57 - 2019-08-15 12:57 - 000000000 ____D C:\Users\Fil\AppData\Local\D3DSCache
2019-08-14 17:20 - 2019-08-14 17:20 - 025901056 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 022625280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 018017792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 017785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 009926672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 008012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007890256 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007753728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007277568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007251808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 006518184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 006226864 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 006071432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 005941760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 005916160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 005753944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 004562904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 003724800 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 003698176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 003590672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 003550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002990096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 002798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2019-08-14 17:20 - 2019-08-14 17:20 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2019-08-14 17:20 - 2019-08-14 17:20 - 002724352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 002494440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002449432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002094592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 17:20 - 2019-08-14 17:20 - 001717776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001647280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001535288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001509936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001505808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001413328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001391416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 17:20 - 2019-08-14 17:20 - 001337872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001301008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 001262016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001259008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001213240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001182240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001072144 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001056704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001037312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000889664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000876560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000829776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000821904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000796088 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000782120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000752792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000672944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000633344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000524216 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000481592 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-08-14 17:20 - 2019-08-14 17:20 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000441360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000428544 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000386320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000316432 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000300176 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000283152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000210400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000202256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000170920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000135480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000093104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Groupinghc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpapi.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2019-08-14 17:19 - 2019-08-14 17:19 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-14 17:19 - 2019-08-14 17:19 - 000804880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2019-08-14 17:19 - 2019-08-14 17:19 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-08-14 17:19 - 2019-08-14 17:19 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-08-14 17:19 - 2019-08-14 17:19 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2019-08-14 12:00 - 2019-09-08 10:40 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\HpUpdate
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-09-10 22:38 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-09-10 22:30 - 2019-07-31 14:54 - 000000000 __SHD C:\Users\San\IntelGraphicsProfiles
2019-09-10 22:30 - 2019-07-31 09:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-09-10 22:30 - 2019-07-31 09:20 - 000000000 ___RD C:\Users\San\3D Objects
2019-09-10 22:30 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-10 22:18 - 2019-07-30 19:24 - 002010080 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-10 22:18 - 2019-03-19 13:57 - 000779936 _____ C:\WINDOWS\system32\perfh005.dat
2019-09-10 22:18 - 2019-03-19 13:57 - 000177824 _____ C:\WINDOWS\system32\perfc005.dat
2019-09-10 22:18 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2019-09-10 22:05 - 2019-07-30 19:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-10 21:56 - 2019-03-19 06:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-09-10 21:29 - 2019-07-31 16:31 - 000000000 ____D C:\Users\Administrator
2019-09-09 23:15 - 2019-03-19 06:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-09-08 16:13 - 2019-08-08 15:18 - 000000000 __SHD C:\Users\Fil\IntelGraphicsProfiles
2019-09-08 16:12 - 2019-07-30 19:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-09-08 10:41 - 2019-07-31 16:31 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2019-09-08 10:41 - 2019-07-30 19:25 - 000000000 ____D C:\Users\CUBE
2019-09-08 10:41 - 2019-04-25 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Screen Capture 2
2019-09-08 10:41 - 2019-03-14 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter
2019-09-08 10:41 - 2019-03-14 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey
2019-09-08 10:41 - 2018-09-27 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2019-09-08 10:41 - 2018-08-22 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MayTec
2019-09-08 10:41 - 2018-08-07 12:27 - 000000000 ____D C:\Users\CUBE\AppData\Local\CrashDumps
2019-09-08 10:41 - 2018-07-30 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Siemens Solid Edge 2019
2019-09-08 10:41 - 2018-07-30 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyShot 7 64
2019-09-08 10:41 - 2018-06-05 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-09-08 10:41 - 2018-05-14 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-09-08 10:41 - 2018-04-25 16:09 - 000000000 ____D C:\Users\CUBE\.gimp-2.8
2019-09-08 10:41 - 2018-03-03 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2019-09-08 10:41 - 2018-02-15 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2019-09-08 10:41 - 2018-02-09 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2019-09-08 10:41 - 2018-02-09 12:48 - 000000000 ____D C:\Users\CUBE\AppData\Local\Akamai
2019-09-08 10:41 - 2017-10-28 11:11 - 000070768 _____ C:\Users\CUBE\AppData\Local\GDIPFONTCACHEV1.DAT.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:40 - 2019-07-31 16:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CÍGLER SOFTWARE
2019-09-08 10:40 - 2019-07-31 16:35 - 000000000 ___RD C:\Users\Administrator\OneDrive
2019-09-08 10:40 - 2019-07-31 16:31 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2019-09-08 10:40 - 2019-07-31 16:31 - 000000000 ___RD C:\Users\Administrator\3D Objects
2019-09-08 10:40 - 2019-03-14 14:02 - 000000000 ____D C:\ProgramData\Install.GS
2019-09-08 10:40 - 2018-07-30 13:19 - 000000000 ____D C:\SEWebInstall
2019-09-08 10:40 - 2018-07-24 14:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-09-08 10:40 - 2018-07-24 14:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-08 10:40 - 2018-05-14 13:40 - 000000000 ____D C:\ProgramData\HP Photo Creations
2019-09-08 10:40 - 2018-03-03 13:39 - 000000000 ____D C:\Program Files (x86)\PDF Architect 5
2019-09-08 10:40 - 2018-03-03 12:28 - 000000000 ____D C:\ProgramData\McAfee
2019-09-08 10:40 - 2018-02-09 13:35 - 000000000 ____D C:\ProgramData\FLEXnet
2019-09-08 10:40 - 2018-02-09 12:49 - 000000000 ____D C:\ProgramData\Autodesk
2019-09-08 10:40 - 2016-06-21 15:06 - 000000000 ___HD C:\Reseal
2019-09-08 10:38 - 2019-04-25 14:01 - 000000000 ____D C:\Program Files (x86)\Easy Screen Capture 2
2019-09-08 10:38 - 2018-05-14 13:40 - 000000000 ____D C:\Program Files (x86)\HP Photo Creations
2019-09-08 10:37 - 2019-03-14 14:12 - 000000000 ____D C:\Program Files (x86)\CodeMeter
2019-09-08 10:37 - 2018-06-05 18:34 - 000000000 ____D C:\Program Files\WinRAR
2019-09-08 10:37 - 2018-04-16 07:32 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-09-08 10:37 - 2017-11-07 21:58 - 000000000 ____D C:\Program Files (x86)\Bonjour
2019-09-08 10:31 - 2018-03-03 13:39 - 000000000 ____D C:\Program Files\PDF Architect 5
2019-09-08 10:31 - 2018-03-03 13:38 - 000000000 ____D C:\Program Files\PDFCreator
2019-09-08 10:30 - 2018-07-30 13:40 - 000000000 ____D C:\Program Files\KeyShot7
2019-09-08 10:30 - 2017-11-07 21:58 - 000000000 ____D C:\Program Files\Bonjour
2019-09-08 10:28 - 2018-02-15 22:17 - 000000048 _____ C:\script.txt.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:07 - 2019-07-31 16:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2019-09-08 06:07 - 2019-07-31 16:35 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836498613-3010024522-2400828536-500
2019-09-08 06:07 - 2019-07-31 16:31 - 000002422 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000402 ___SH C:\Users\Administrator\Documents\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000282 ___SH C:\Users\Administrator\Downloads\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000282 ___SH C:\Users\Administrator\Desktop\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000264 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000174 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-03 22:54 - 2019-07-31 15:51 - 000000000 ____D C:\Users\Test\AppData\Local\Packages
2019-09-03 15:37 - 2019-07-31 15:57 - 000000000 ____D C:\Users\Test\AppData\Local\PlaceholderTileLogoFolder
2019-09-02 19:27 - 2019-07-31 15:54 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836498613-3010024522-2400828536-1003
2019-09-02 19:27 - 2019-07-31 15:54 - 000000000 ___RD C:\Users\Test\OneDrive
2019-09-02 19:27 - 2019-07-31 15:51 - 000002399 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-02 19:26 - 2019-07-31 15:51 - 000000000 ___RD C:\Users\Test\3D Objects
2019-09-02 11:52 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-30 10:11 - 2019-08-08 15:21 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836498613-3010024522-2400828536-1004
2019-08-30 10:11 - 2019-08-08 15:21 - 000002426 _____ C:\Users\Fil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-30 10:11 - 2019-08-08 15:21 - 000000000 ___RD C:\Users\Fil\OneDrive
2019-08-29 22:41 - 2019-06-21 18:27 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-29 22:41 - 2019-06-21 18:27 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-24 00:06 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-23 20:48 - 2018-02-09 14:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-22 20:17 - 2019-08-08 15:19 - 000000000 ____D C:\Users\Fil\AppData\Local\Autodesk
2019-08-18 09:41 - 2019-08-08 15:18 - 000000000 ____D C:\Users\Fil
2019-08-17 18:39 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\servicing
2019-08-16 14:35 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-14 22:20 - 2019-08-08 15:18 - 000000000 ___RD C:\Users\Fil\3D Objects
2019-08-14 18:29 - 2019-07-30 19:13 - 000308136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 18:27 - 2019-03-19 13:59 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-14 18:27 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-08-14 18:27 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-14 18:27 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 17:27 - 2016-06-17 08:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 17:24 - 2019-03-19 06:49 - 000000400 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-14 17:24 - 2016-06-17 08:25 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-14 17:20 - 2017-07-26 14:59 - 000410814 __RSH C:\bootmgr.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-14 15:44 - 2019-03-19 06:59 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2019-08-14 15:01 - 2019-07-30 19:38 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-08-13 16:53 - 2019-07-30 18:16 - 000000000 ___DC C:\WINDOWS\Panther
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2019
Ran by San (10-09-2019 23:16:12)
Running from C:\Users\San\Desktop
Windows 10 Pro Version 1903 18362.295 (X64) (2019-07-30 17:40:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1836498613-3010024522-2400828536-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1836498613-3010024522-2400828536-503 - Limited - Disabled)
Fil (S-1-5-21-1836498613-3010024522-2400828536-1004 - Limited - Enabled) => C:\Users\Fil
Guest (S-1-5-21-1836498613-3010024522-2400828536-501 - Limited - Disabled)
Mir (S-1-5-21-1836498613-3010024522-2400828536-1005 - Limited - Enabled)
San (S-1-5-21-1836498613-3010024522-2400828536-1002 - Administrator - Enabled) => C:\Users\San
uce (S-1-5-21-1836498613-3010024522-2400828536-1003 - Limited - Enabled) => C:\Users\Test
Vas (S-1-5-21-1836498613-3010024522-2400828536-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1836498613-3010024522-2400828536-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Compatibility Toolkit (HKLM\...\{D70F2D01-43C9-18A8-FC9C-3A088433BA65}) (Version: 10.1.18362.1 - Microsoft) Hidden
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk ReCap (HKLM\...\{6ED27C84-0000-1033-0102-D4DAEFFC23C2}) (Version: 4.0.0.28 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 4.0.0.28 - Autodesk)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MF631C (HKLM\...\{ED33D4BE-708F-4688-A642-EC47ADB4B488}) (Version: 5.4.0.0 - CANON INC.)
CodeMeter Runtime Kit v6.60a (HKLM\...\{34F620A7-AAD8-4C48-8ED6-9A8E7F894D15}) (Version: 6.60.2878.501 - WIBU-SYSTEMS AG)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.43.0 - Conexant)
Easy Screen Capture 2 (HKLM-x32\...\Easy Screen Capture 2_is1) (Version: - Longfine Software)
Ekonomický systém Money S3 (HKLM-x32\...\Money S3) (Version: 19.602 (20190726_15) - Solitea Česká republika, a.s.)
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (HKLM\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
GDR 3156 for SQL Server 2012 (KB3045318) (64-bit) (HKLM\...\KB3045318) (Version: 11.1.3156.0 - Microsoft Corporation)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GRAPHISOFT BIMx Desktop Viewer (HKLM\...\BIMx Viewer 22.0 GEN FULL R1 1) (Version: 2018.2.1534.0 - GRAPHISOFT SE)
GRAPHISOFT License Manager Tool (HKLM\...\License Manager Tool 20.0 INT FULL R1 1) (Version: 20.0.0.4590 - GRAPHISOFT SE)
HP Deskjet 3050 J610 series Nápověda (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
KeyShot 7 64 bit (HKLM\...\KeyShot 7_64) (Version: 7.3 64 bit - Luxion ApS)
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
Licenční server Solitea verze 4.20 (HKLM-x32\...\Licenční server Solitea verze 4.20) (Version: - )
Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
MAY-CAD (HKLM-x32\...\{92B4EFEA-0BA8-45E6-8774-741626F6F30F}) (Version: 7.000.1 - MayTec)
Microsoft OneDrive (HKU\S-1-5-21-1836498613-3010024522-2400828536-1002\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{4F640A82-635E-431A-856A-F43E5EAAC130}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8AC82589-7217-48FE-9051-AE6D3B211B14}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
MoneyNetLicenceServer (HKLM\...\{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}.sdb) (Version: - )
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.6.1.7023 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 cs)) (Version: 60.6.1 - Mozilla)
O2 (HKLM-x32\...\O2CZ) (Version: - O2)
PDF Architect 5 Create Module (HKLM\...\{E6BB3749-AC9F-4BDE-84D9-1E22EF689573}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Edit Module (HKLM\...\{CC1439A7-3054-4C5F-AF60-7F770DAD7793}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 View Module (HKLM\...\{23AFD2CD-3930-451E-A27C-07A9457CE07F}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.2 - pdfforge GmbH)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.7.232 - Autodesk)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
Sentinel Protection Installer 7.6.1 (HKLM-x32\...\{7B1AA2AB-ACD2-45C7-B1B1-364BEA40615F}) (Version: 7.6.1 - SafeNet, Inc.)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
Siemens Solid Edge 2019 (HKLM\...\{C62CE6BD-CC1D-4459-AA70-19295563C462}) (Version: 219.00.00091 - Siemens)
Solid Edge License Manager (HKLM\...\{5B3C98CB-9E13-4C5E-9679-BD9AC959F16D}) (Version: 219.00.00091 - Siemens)
Solid Edge Standard Parts Administrator (HKLM\...\{1FB59B96-9361-43C9-AEB1-85E4B17D90AF}) (Version: 219.00.00091 - Siemens)
Solid Edge Standard Parts Machinery Library (HKLM\...\{FE274D7D-F9FB-402D-931C-E8FE7732B0EE}) (Version: 219.00.00091 - Siemens)
Speciální aplikace Autodesk 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Studie vylepšování produktu HP Deskjet 3050 J610 series (HKLM\...\{8310B4FA-2ADE-4022-BD5A-28C4BDADC7D2}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Toolkit Documentation (HKLM-x32\...\{2BBA97A1-176F-DA72-96DE-0FEA66AF3EFF}) (Version: 10.1.18362.1 - Microsoft) Hidden
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.40 of 2016-Dec-22 (Build 2402) (Setup) - WIBU-SYSTEMS AG)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{fb450356-9879-4b2e-8dc9-282709286661}) (Version: 10.1.18362.1 - Microsoft Corporation)
WinRAR 5.60 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.4 - win.rar GmbH)
Základní software zařízení HP Deskjet 3050 J610 series (HKLM\...\{A74FCB98-0C9F-4D35-8F81-79BD5AA6A88F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-18] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-1002_Classes\CLSID\{6BE99E87-B6FB-4CC3-AE69-DFCF33303D55} -> [Tiskové exporty z Money S3] => C:\Users\Public\Documents\Solitea\Money S3\Bin\PRINT\ [0000-00-00 00:00]
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{6BE99E87-B6FB-4CC3-AE69-DFCF33303D55} -> [Tiskové exporty z Money S3] => C:\Users\Public\Documents\Solitea\Money S3\Bin\PRINT\ [0000-00-00 00:00]
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:/Program Files/PDFCreator/PDFCreatorShell.DLL -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll -> No File
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-03-03 13:38 - 2018-03-03 13:38 - 000117248 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2018-04-16 07:21 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\DTS\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1836498613-3010024522-2400828536-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run32: => "NetLockMngr"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3DC354BB-2C51-4ECF-9FCD-FE004CEB0652}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{3A1A5EA7-155E-4A81-9115-86C7467929A9}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{B75DBA7D-19F2-4B88-B485-B832807D3D27}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe No File
FirewallRules: [{03EB398A-778B-4394-A30A-C219BF29A37F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{FD43D7F5-AE42-4327-BDE1-C02FF0633FC2}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe No File
FirewallRules: [{F96BA42B-BED1-4CD3-9195-D20647CC62D1}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe No File
FirewallRules: [{4D10606E-398A-4C76-99DF-3C04C2177930}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe No File
FirewallRules: [{4BDE80D7-4205-4999-BD98-5268E30A3865}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe No File
FirewallRules: [{D9E64183-5846-4CE3-AA3E-B82A08716D3E}] => (Allow) C:\Program Files\KeyShot7\bin\keyshot_daemon.exe No File
FirewallRules: [{20F0FF85-28BD-4657-8C9C-74359394A05E}] => (Allow) C:\Program Files\KeyShot7\bin\keyshot.exe No File
FirewallRules: [{F36F0A36-25BF-4BF9-9C12-DB764BF2C3B5}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe No File
FirewallRules: [{8F93C0EF-2772-47F6-9D65-DF8CF6986A12}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe No File
FirewallRules: [{09646E77-05C4-47B0-AA7C-171071074B85}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe No File
FirewallRules: [{D1181257-C461-45FE-B2CE-F3B2A5AA1C57}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe No File
FirewallRules: [UDP Query User{F26B1BF5-25A0-4699-961A-6B2B7BA6100F}C:\users\cube\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cube\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{A1E87DFE-AAA3-4101-A14E-551A89929AE0}C:\users\cube\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cube\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [{57717DBE-EB48-46B4-9FED-D10F6A4B8766}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{2B041C67-3063-4C69-8679-5857E65964D7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{65AE5862-E184-459A-AE60-ECF47CA382A0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{116DFDF8-E9D6-466B-A19A-A497823C623E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{5FBD6234-ECD8-4145-B952-BF149E129017}] => (Allow) LPort=511
FirewallRules: [{1F579F9F-2064-4C1A-905A-4BD6B2B34675}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{C59BDAE9-2818-499A-B7AA-EF5AE699F57F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{02314169-BE0E-48EC-A316-432EF00D0A96}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe No File
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
==================== Restore Points =========================
22-08-2019 07:22:06 Instalační služba modulů systému Windows
31-08-2019 14:44:53 Naplánovaný kontrolní bod
02-09-2019 11:51:14 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/10/2019 11:10:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9648,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
Error: (09/10/2019 10:38:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2764,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
Error: (09/10/2019 10:15:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4480,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
Error: (09/10/2019 10:06:28 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:
GetCACaps
Metoda: GET(0ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (09/10/2019 10:06:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:
GetCACaps
Metoda: GET(31ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (09/10/2019 10:03:34 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:
GetCACaps
Metoda: GET(0ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (09/10/2019 10:03:22 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:
GetCACaps
Metoda: GET(16ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (09/10/2019 09:48:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
System errors:
=============
Error: (09/10/2019 10:07:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba FlexNet License Manager neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SQLWriter neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SentinelSecurityRuntime neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PDF Architect 5 Manager neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PDF Architect 5 Creator neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MSSQL$SQLEXPRESS neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Bonjour Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Windows Defender:
===================================
Date: 2019-09-08 10:25:37.395
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Ransom:Win32/Higuniel.A
ID: 2147725777
Závažnost: Vážné
Kategorie: Ransomware
Cesta: file:_C:\Users\Administrator\Desktop\EncryptionChecker.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1
Date: 2019-09-08 10:25:27.946
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Ransom:Win32/Higuniel.A
ID: 2147725777
Závažnost: Vážné
Kategorie: Ransomware
Cesta: file:_C:\Users\Administrator\Desktop\EncryptionChecker.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1
Date: 2019-09-08 10:25:19.617
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Casdet!rfn
ID: 2147727512
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Administrator\Desktop\exploit.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1
Date: 2019-09-08 10:25:14.903
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
ID: 2147735505
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Administrator\Desktop\File Encryption.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1
Date: 2019-09-08 10:24:54.106
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Ransom:Win32/Higuniel.A
ID: 2147725777
Závažnost: Vážné
Kategorie: Ransomware
Cesta: file:_C:\Users\Administrator\Desktop\EncryptionChecker.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1
Date: 2019-09-10 22:58:53.553
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
Date: 2019-09-10 22:33:53.260
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2019-09-10 22:33:53.259
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2019-09-10 22:33:53.258
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2019-09-10 22:33:53.247
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
==================== Memory info ===========================
BIOS: FUJITSU // American Megatrends Inc. V4.6.5.3 R1.19.0 for D3161-A1x 12/17/2012
Motherboard: FUJITSU D3161-A1
Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 15%
Total physical RAM: 16231.55 MB
Available physical RAM: 13676.03 MB
Total Virtual: 32615.55 MB
Available Virtual: 30183.84 MB
==================== Drives ================================
Drive a: () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
Drive c: () (Fixed) (Total:465.23 GB) (Free:315.74 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ESD-USB) (Removable) (Total:7.6 GB) (Free:0.92 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 42A6D53C)
Partition 1: (Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=541 MB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 7.6 GB) (Disk ID: 31507526)
Partition 1: (Active) - (Size=7.6 GB) - (Type=0C)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2019
Ran by San (administrator) on CUBE-PC (FUJITSU ESPRIMO P710) (10-09-2019 23:13:53)
Running from C:\Users\San\Desktop
Loaded Profiles: San & Administrator (Available Profiles: San & uce & Fil & Administrator)
Platform: Windows 10 Pro Version 1903 18362.295 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Conexant Systems, Inc.) [File not signed] C:\Windows\SysWOW64\SASrv.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\San\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe /t
HKLM-x32\...\Run: [Autodesk Desktop App] => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM-x32\...\Run: [NetLockMngr] => C:\Program Files (x86)\CIGLER SOFTWARE\NetLicence\CSW_NetSWKeyNTMngr.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\Run: [OneDrive] => "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #0] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #2] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #3] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #4] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #6] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #7] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #8] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #9] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #10] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #11] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #12] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #13] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #14] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #15] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #16] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #17] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #18] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #19] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #20] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #21] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #22] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #23] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #24] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\CSW_NetSWKeyNTService.exe: [{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}.sdb] -> MoneyNetLicenceServer
HKLM\Software\...\AppCompatFlags\InstalledSDB\{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}.sdb [2019-08-08]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] [2019-03-14]
ShortcutTarget: CodeMeter Control Center.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] [2019-03-14]
ShortcutTarget: Network Server.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (No File)
Startup: C:\Users\CUBE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3050 J610 series.lnk [2019-06-21]
ShortcutAndArgument: Sledovat výstrahy inkoustu - HP Deskjet 3050 J610 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3050 J610 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN0BT3J23D05HX;CONNECTION=USB;MONITOR=1;
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BD3F7EC-746F-4679-B151-B5DDA38AF21E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {13E44638-B65B-485E-A334-0F99B8E35391} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1554B6D6-4F59-4589-B024-85997C3BD1CC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2795FAA3-A685-489C-952F-19DDAE5B1DB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {27BDDA3C-92FA-454B-A3D5-7180344DD725} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {31CB4EC1-5F7B-434F-B4EF-21B972071907} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4B6D278D-E2BE-4105-9E15-053F0415EA84} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4F35F062-0BEF-46B2-8C08-502ADFFA5BE8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {53635FEE-72A1-4D40-A710-1A3F2D367B8D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {60033671-3BD1-45F2-A494-7F9DCFE938D3} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {60338C88-E0BB-4B33-9368-E02A57C33AE2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65146AC3-7EE7-4493-B1E7-0194C70B2766} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {6A71160F-5D66-4CE8-B3BC-F992B1B960F1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6C840FE9-48D8-4F1C-9F2D-7CFBC102F467} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {75DC0782-5965-4C1D-A572-074B8587FBEE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7768136D-67D5-458E-8EEF-2E766FDBE9B6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {7C8F47BE-1CD4-46BD-8989-DE49FFAEF08F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {948BE8AD-283F-4144-B764-6E637019F750} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9E3F82F8-EE0C-43D8-8958-617612E56E18} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {A2BB3567-FF27-4276-AA40-80A4AA3C2532} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {AE78C538-C46C-4F53-9428-659AF8F06E1E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B1A75382-47C2-4B0A-95BF-FCA843448D57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B23563E2-2859-4519-AA1B-8F5490717141} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BC5828A4-5980-4347-B572-E50928B917BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {CACF8A71-405F-4E8B-BF85-277EA8103FB2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D1B71BA6-DB0F-4AD7-B448-47A23052F7E7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D3DD69D1-6C43-4516-9F9D-7795FE557001} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {D498A999-DDA2-48D3-A1DF-FDBE0CD0AC66} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {D650D52F-83D2-4CB1-A3C0-976FD872C34E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D88B5B04-9086-4F7C-9747-2CD55B6C46A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DAF6CDF1-8732-451A-9087-423CC0420A8C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC3307DE-1E8A-45F3-A7D8-C2B402618321} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2165EA0-0F36-43D0-88A0-EBD6CE850302} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: {F45D6D0E-E098-43C5-852E-D38EAB605E56} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {FFAB13B4-34F3-409A-9970-989BAA503D74} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FFC16A88-04D8-4A03-BA98-0AC63FEE8590} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{90BF43E7-1BDA-4E13-AD28-CF68106B0C87}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9F17BAF9-6761-4F23-8137-48F5D7E2084D}: [NameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1836498613-3010024522-2400828536-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: PDF Architect 5 Helper -> {AEA429F3-D2D4-4BD7-A03E-5357DA017733} -> C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-helper.dll => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-plugin.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" No File
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [No File]
Chrome:
=======
CHR Profile: C:\Users\San\AppData\Local\Google\Chrome\User Data\Default [2019-08-14]
CHR Extension: (Prezentace) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-30]
CHR Extension: (Dokumenty) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-21]
CHR Extension: (Disk Google) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-21]
CHR Extension: (YouTube) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-21]
CHR Extension: (Adobe Acrobat) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-21]
CHR Extension: (Tabulky) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-06-21]
CHR Extension: (Gmail) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-21]
CHR Extension: (Chrome Media Router) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation - pGFX -> Intel Corporation)
R2 SAService; C:\WINDOWS\SysWOW64\SAsrv.exe [440320 2011-09-01] (Conexant Systems, Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5775208 2019-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AdAppMgrSvc; "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe" [X]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 Apple Mobile Device Service; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [X]
S3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [X]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 CmWebAdmin.exe; "C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe" [X]
S2 CodeMeter.exe; "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" [X]
S2 FlexNet License Manager; "C:\SEFlex\Program\lmgrd.exe" [X]
S3 FlexNet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe" [X]
S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [X]
S3 PDF Architect 5; "C:\Program Files\PDF Architect 5\ws.exe" [X]
S2 PDF Architect 5 Creator; "C:\Program Files\PDF Architect 5\creator\common\creator-ws.exe" [X]
S2 PDF Architect 5 Manager; "C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe" [X]
S2 SentinelKeysServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [X]
S2 SentinelProtectionServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" [X]
S2 SentinelSecurityRuntime; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe" [X]
S4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [X]
S4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]
S2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [X]
S2 SWLckServer; C:\Program Files (x86)\CIGLER SOFTWARE\NetLicence\CSW_NetSWKeyNTService.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [232448 2019-03-19] (Microsoft Corporation) [File not signed]
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [125952 2014-06-24] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S4 RsFx0201; C:\WINDOWS\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation -> Microsoft Corporation)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-31] (Microsoft Windows -> Microsoft Corporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [118200 2016-12-22] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-09-10 23:13 - 2019-09-10 23:15 - 000026372 _____ C:\Users\San\Desktop\FRST.txt
2019-09-10 23:12 - 2019-09-10 23:13 - 000000000 ____D C:\FRST
2019-09-10 23:12 - 2019-09-10 23:11 - 001614848 _____ (Farbar) C:\Users\San\Desktop\FRST64.exe
2019-09-10 23:12 - 2019-09-10 23:05 - 064333800 _____ (Malwarebytes ) C:\Users\San\Desktop\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270 (1).exe
2019-09-10 23:12 - 2019-07-09 03:57 - 000072856 _____ (Microsoft Corporation) C:\Users\San\Desktop\setup.exe
2019-09-10 23:04 - 2019-09-10 23:04 - 000000000 ____D C:\Users\San\AppData\Local\PeerDistRepub
2019-09-10 22:28 - 2019-08-14 17:20 - 000410814 __RSH C:\bootmgr
2019-09-10 22:28 - 2019-03-19 06:44 - 000000001 ___SH C:\BOOTNXT
2019-09-10 21:51 - 2019-09-10 21:51 - 000182072 _____ C:\WINDOWS\ntbtlog.txt
2019-09-10 21:29 - 2019-09-10 21:29 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-09-09 23:15 - 2019-09-09 23:15 - 000000000 ____D C:\EFI
2019-09-08 15:39 - 2019-09-08 15:39 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-09-08 11:02 - 2019-09-08 11:02 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka
2019-09-08 11:01 - 2019-09-08 11:01 - 000006803 _____ C:\info.hta
2019-09-08 11:01 - 2019-09-08 11:01 - 000000385 _____ C:\INFO.txt
2019-09-08 10:27 - 2019-09-07 10:26 - 001119232 _____ () C:\File Encryption.exe.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:27 - 2019-09-06 18:29 - 001117184 _____ () C:\EncryptionChecker.exe.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:27 - 2019-07-18 00:47 - 000128000 _____ C:\exploit.exe.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:24 - 2019-09-08 10:24 - 000000422 __RSH C:\ProgramData\ntuser.pol.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:17 - 2019-09-08 06:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
2019-09-02 19:39 - 2019-09-02 19:39 - 000000000 ____D C:\Users\Test\Desktop\kopie dokladu 2018
2019-08-21 22:16 - 2019-08-21 22:16 - 000000000 ____D C:\Users\Fil\AppData\LocalLow\Temp
2019-08-21 12:53 - 2019-08-21 12:53 - 000000000 ____D C:\Users\Fil\AppData\Roaming\HpUpdate
2019-08-16 10:02 - 2019-08-16 10:02 - 000000000 ____D C:\Users\Fil\Documents\PDF Architect
2019-08-16 10:02 - 2019-08-16 10:02 - 000000000 ____D C:\Users\Fil\AppData\Roaming\PDF Architect 5
2019-08-16 10:02 - 2019-08-16 10:02 - 000000000 ____D C:\Users\Fil\AppData\Local\PDFCreator
2019-08-15 12:57 - 2019-08-15 12:57 - 000000000 ____D C:\Users\Fil\AppData\Local\D3DSCache
2019-08-14 17:20 - 2019-08-14 17:20 - 025901056 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 022625280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 018017792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 017785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 009926672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 008012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007890256 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007753728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007277568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007251808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 006518184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 006226864 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 006071432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 005941760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 005916160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 005753944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 004562904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 003724800 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 003698176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 003590672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 003550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002990096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 002798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2019-08-14 17:20 - 2019-08-14 17:20 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2019-08-14 17:20 - 2019-08-14 17:20 - 002724352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 002494440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002449432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002094592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 17:20 - 2019-08-14 17:20 - 001717776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001647280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001535288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001509936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001505808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001413328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001391416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 17:20 - 2019-08-14 17:20 - 001337872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001301008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 001262016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001259008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001213240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001182240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001072144 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001056704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001037312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000889664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000876560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000829776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000821904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000796088 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000782120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000752792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000672944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000633344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000524216 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000481592 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-08-14 17:20 - 2019-08-14 17:20 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000441360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000428544 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000386320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000316432 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000300176 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000283152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000210400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000202256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000170920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000135480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000093104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Groupinghc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpapi.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2019-08-14 17:19 - 2019-08-14 17:19 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-14 17:19 - 2019-08-14 17:19 - 000804880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2019-08-14 17:19 - 2019-08-14 17:19 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-08-14 17:19 - 2019-08-14 17:19 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-08-14 17:19 - 2019-08-14 17:19 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2019-08-14 12:00 - 2019-09-08 10:40 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\HpUpdate
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-09-10 22:38 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-09-10 22:30 - 2019-07-31 14:54 - 000000000 __SHD C:\Users\San\IntelGraphicsProfiles
2019-09-10 22:30 - 2019-07-31 09:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-09-10 22:30 - 2019-07-31 09:20 - 000000000 ___RD C:\Users\San\3D Objects
2019-09-10 22:30 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-10 22:18 - 2019-07-30 19:24 - 002010080 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-10 22:18 - 2019-03-19 13:57 - 000779936 _____ C:\WINDOWS\system32\perfh005.dat
2019-09-10 22:18 - 2019-03-19 13:57 - 000177824 _____ C:\WINDOWS\system32\perfc005.dat
2019-09-10 22:18 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2019-09-10 22:05 - 2019-07-30 19:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-10 21:56 - 2019-03-19 06:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-09-10 21:29 - 2019-07-31 16:31 - 000000000 ____D C:\Users\Administrator
2019-09-09 23:15 - 2019-03-19 06:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-09-08 16:13 - 2019-08-08 15:18 - 000000000 __SHD C:\Users\Fil\IntelGraphicsProfiles
2019-09-08 16:12 - 2019-07-30 19:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-09-08 10:41 - 2019-07-31 16:31 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2019-09-08 10:41 - 2019-07-30 19:25 - 000000000 ____D C:\Users\CUBE
2019-09-08 10:41 - 2019-04-25 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Screen Capture 2
2019-09-08 10:41 - 2019-03-14 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter
2019-09-08 10:41 - 2019-03-14 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey
2019-09-08 10:41 - 2018-09-27 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2019-09-08 10:41 - 2018-08-22 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MayTec
2019-09-08 10:41 - 2018-08-07 12:27 - 000000000 ____D C:\Users\CUBE\AppData\Local\CrashDumps
2019-09-08 10:41 - 2018-07-30 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Siemens Solid Edge 2019
2019-09-08 10:41 - 2018-07-30 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyShot 7 64
2019-09-08 10:41 - 2018-06-05 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-09-08 10:41 - 2018-05-14 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-09-08 10:41 - 2018-04-25 16:09 - 000000000 ____D C:\Users\CUBE\.gimp-2.8
2019-09-08 10:41 - 2018-03-03 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2019-09-08 10:41 - 2018-02-15 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2019-09-08 10:41 - 2018-02-09 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2019-09-08 10:41 - 2018-02-09 12:48 - 000000000 ____D C:\Users\CUBE\AppData\Local\Akamai
2019-09-08 10:41 - 2017-10-28 11:11 - 000070768 _____ C:\Users\CUBE\AppData\Local\GDIPFONTCACHEV1.DAT.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:40 - 2019-07-31 16:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CÍGLER SOFTWARE
2019-09-08 10:40 - 2019-07-31 16:35 - 000000000 ___RD C:\Users\Administrator\OneDrive
2019-09-08 10:40 - 2019-07-31 16:31 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2019-09-08 10:40 - 2019-07-31 16:31 - 000000000 ___RD C:\Users\Administrator\3D Objects
2019-09-08 10:40 - 2019-03-14 14:02 - 000000000 ____D C:\ProgramData\Install.GS
2019-09-08 10:40 - 2018-07-30 13:19 - 000000000 ____D C:\SEWebInstall
2019-09-08 10:40 - 2018-07-24 14:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-09-08 10:40 - 2018-07-24 14:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-08 10:40 - 2018-05-14 13:40 - 000000000 ____D C:\ProgramData\HP Photo Creations
2019-09-08 10:40 - 2018-03-03 13:39 - 000000000 ____D C:\Program Files (x86)\PDF Architect 5
2019-09-08 10:40 - 2018-03-03 12:28 - 000000000 ____D C:\ProgramData\McAfee
2019-09-08 10:40 - 2018-02-09 13:35 - 000000000 ____D C:\ProgramData\FLEXnet
2019-09-08 10:40 - 2018-02-09 12:49 - 000000000 ____D C:\ProgramData\Autodesk
2019-09-08 10:40 - 2016-06-21 15:06 - 000000000 ___HD C:\Reseal
2019-09-08 10:38 - 2019-04-25 14:01 - 000000000 ____D C:\Program Files (x86)\Easy Screen Capture 2
2019-09-08 10:38 - 2018-05-14 13:40 - 000000000 ____D C:\Program Files (x86)\HP Photo Creations
2019-09-08 10:37 - 2019-03-14 14:12 - 000000000 ____D C:\Program Files (x86)\CodeMeter
2019-09-08 10:37 - 2018-06-05 18:34 - 000000000 ____D C:\Program Files\WinRAR
2019-09-08 10:37 - 2018-04-16 07:32 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-09-08 10:37 - 2017-11-07 21:58 - 000000000 ____D C:\Program Files (x86)\Bonjour
2019-09-08 10:31 - 2018-03-03 13:39 - 000000000 ____D C:\Program Files\PDF Architect 5
2019-09-08 10:31 - 2018-03-03 13:38 - 000000000 ____D C:\Program Files\PDFCreator
2019-09-08 10:30 - 2018-07-30 13:40 - 000000000 ____D C:\Program Files\KeyShot7
2019-09-08 10:30 - 2017-11-07 21:58 - 000000000 ____D C:\Program Files\Bonjour
2019-09-08 10:28 - 2018-02-15 22:17 - 000000048 _____ C:\script.txt.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:07 - 2019-07-31 16:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2019-09-08 06:07 - 2019-07-31 16:35 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836498613-3010024522-2400828536-500
2019-09-08 06:07 - 2019-07-31 16:31 - 000002422 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000402 ___SH C:\Users\Administrator\Documents\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000282 ___SH C:\Users\Administrator\Downloads\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000282 ___SH C:\Users\Administrator\Desktop\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000264 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000174 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-03 22:54 - 2019-07-31 15:51 - 000000000 ____D C:\Users\Test\AppData\Local\Packages
2019-09-03 15:37 - 2019-07-31 15:57 - 000000000 ____D C:\Users\Test\AppData\Local\PlaceholderTileLogoFolder
2019-09-02 19:27 - 2019-07-31 15:54 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836498613-3010024522-2400828536-1003
2019-09-02 19:27 - 2019-07-31 15:54 - 000000000 ___RD C:\Users\Test\OneDrive
2019-09-02 19:27 - 2019-07-31 15:51 - 000002399 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-02 19:26 - 2019-07-31 15:51 - 000000000 ___RD C:\Users\Test\3D Objects
2019-09-02 11:52 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-30 10:11 - 2019-08-08 15:21 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836498613-3010024522-2400828536-1004
2019-08-30 10:11 - 2019-08-08 15:21 - 000002426 _____ C:\Users\Fil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-30 10:11 - 2019-08-08 15:21 - 000000000 ___RD C:\Users\Fil\OneDrive
2019-08-29 22:41 - 2019-06-21 18:27 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-29 22:41 - 2019-06-21 18:27 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-24 00:06 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-23 20:48 - 2018-02-09 14:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-22 20:17 - 2019-08-08 15:19 - 000000000 ____D C:\Users\Fil\AppData\Local\Autodesk
2019-08-18 09:41 - 2019-08-08 15:18 - 000000000 ____D C:\Users\Fil
2019-08-17 18:39 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\servicing
2019-08-16 14:35 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-14 22:20 - 2019-08-08 15:18 - 000000000 ___RD C:\Users\Fil\3D Objects
2019-08-14 18:29 - 2019-07-30 19:13 - 000308136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 18:27 - 2019-03-19 13:59 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-14 18:27 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-08-14 18:27 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-14 18:27 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 17:27 - 2016-06-17 08:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 17:24 - 2019-03-19 06:49 - 000000400 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-14 17:24 - 2016-06-17 08:25 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-14 17:20 - 2017-07-26 14:59 - 000410814 __RSH C:\bootmgr.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-14 15:44 - 2019-03-19 06:59 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2019-08-14 15:01 - 2019-07-30 19:38 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-08-13 16:53 - 2019-07-30 18:16 - 000000000 ___DC C:\WINDOWS\Panther
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2019
Ran by San (10-09-2019 23:16:12)
Running from C:\Users\San\Desktop
Windows 10 Pro Version 1903 18362.295 (X64) (2019-07-30 17:40:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1836498613-3010024522-2400828536-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1836498613-3010024522-2400828536-503 - Limited - Disabled)
Fil (S-1-5-21-1836498613-3010024522-2400828536-1004 - Limited - Enabled) => C:\Users\Fil
Guest (S-1-5-21-1836498613-3010024522-2400828536-501 - Limited - Disabled)
Mir (S-1-5-21-1836498613-3010024522-2400828536-1005 - Limited - Enabled)
San (S-1-5-21-1836498613-3010024522-2400828536-1002 - Administrator - Enabled) => C:\Users\San
uce (S-1-5-21-1836498613-3010024522-2400828536-1003 - Limited - Enabled) => C:\Users\Test
Vas (S-1-5-21-1836498613-3010024522-2400828536-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1836498613-3010024522-2400828536-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Compatibility Toolkit (HKLM\...\{D70F2D01-43C9-18A8-FC9C-3A088433BA65}) (Version: 10.1.18362.1 - Microsoft) Hidden
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk ReCap (HKLM\...\{6ED27C84-0000-1033-0102-D4DAEFFC23C2}) (Version: 4.0.0.28 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 4.0.0.28 - Autodesk)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MF631C (HKLM\...\{ED33D4BE-708F-4688-A642-EC47ADB4B488}) (Version: 5.4.0.0 - CANON INC.)
CodeMeter Runtime Kit v6.60a (HKLM\...\{34F620A7-AAD8-4C48-8ED6-9A8E7F894D15}) (Version: 6.60.2878.501 - WIBU-SYSTEMS AG)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.43.0 - Conexant)
Easy Screen Capture 2 (HKLM-x32\...\Easy Screen Capture 2_is1) (Version: - Longfine Software)
Ekonomický systém Money S3 (HKLM-x32\...\Money S3) (Version: 19.602 (20190726_15) - Solitea Česká republika, a.s.)
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (HKLM\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
GDR 3156 for SQL Server 2012 (KB3045318) (64-bit) (HKLM\...\KB3045318) (Version: 11.1.3156.0 - Microsoft Corporation)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GRAPHISOFT BIMx Desktop Viewer (HKLM\...\BIMx Viewer 22.0 GEN FULL R1 1) (Version: 2018.2.1534.0 - GRAPHISOFT SE)
GRAPHISOFT License Manager Tool (HKLM\...\License Manager Tool 20.0 INT FULL R1 1) (Version: 20.0.0.4590 - GRAPHISOFT SE)
HP Deskjet 3050 J610 series Nápověda (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
KeyShot 7 64 bit (HKLM\...\KeyShot 7_64) (Version: 7.3 64 bit - Luxion ApS)
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
Licenční server Solitea verze 4.20 (HKLM-x32\...\Licenční server Solitea verze 4.20) (Version: - )
Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
MAY-CAD (HKLM-x32\...\{92B4EFEA-0BA8-45E6-8774-741626F6F30F}) (Version: 7.000.1 - MayTec)
Microsoft OneDrive (HKU\S-1-5-21-1836498613-3010024522-2400828536-1002\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{4F640A82-635E-431A-856A-F43E5EAAC130}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8AC82589-7217-48FE-9051-AE6D3B211B14}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
MoneyNetLicenceServer (HKLM\...\{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}.sdb) (Version: - )
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.6.1.7023 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 cs)) (Version: 60.6.1 - Mozilla)
O2 (HKLM-x32\...\O2CZ) (Version: - O2)
PDF Architect 5 Create Module (HKLM\...\{E6BB3749-AC9F-4BDE-84D9-1E22EF689573}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Edit Module (HKLM\...\{CC1439A7-3054-4C5F-AF60-7F770DAD7793}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 View Module (HKLM\...\{23AFD2CD-3930-451E-A27C-07A9457CE07F}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.2 - pdfforge GmbH)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.7.232 - Autodesk)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
Sentinel Protection Installer 7.6.1 (HKLM-x32\...\{7B1AA2AB-ACD2-45C7-B1B1-364BEA40615F}) (Version: 7.6.1 - SafeNet, Inc.)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
Siemens Solid Edge 2019 (HKLM\...\{C62CE6BD-CC1D-4459-AA70-19295563C462}) (Version: 219.00.00091 - Siemens)
Solid Edge License Manager (HKLM\...\{5B3C98CB-9E13-4C5E-9679-BD9AC959F16D}) (Version: 219.00.00091 - Siemens)
Solid Edge Standard Parts Administrator (HKLM\...\{1FB59B96-9361-43C9-AEB1-85E4B17D90AF}) (Version: 219.00.00091 - Siemens)
Solid Edge Standard Parts Machinery Library (HKLM\...\{FE274D7D-F9FB-402D-931C-E8FE7732B0EE}) (Version: 219.00.00091 - Siemens)
Speciální aplikace Autodesk 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Studie vylepšování produktu HP Deskjet 3050 J610 series (HKLM\...\{8310B4FA-2ADE-4022-BD5A-28C4BDADC7D2}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Toolkit Documentation (HKLM-x32\...\{2BBA97A1-176F-DA72-96DE-0FEA66AF3EFF}) (Version: 10.1.18362.1 - Microsoft) Hidden
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.40 of 2016-Dec-22 (Build 2402) (Setup) - WIBU-SYSTEMS AG)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{fb450356-9879-4b2e-8dc9-282709286661}) (Version: 10.1.18362.1 - Microsoft Corporation)
WinRAR 5.60 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.4 - win.rar GmbH)
Základní software zařízení HP Deskjet 3050 J610 series (HKLM\...\{A74FCB98-0C9F-4D35-8F81-79BD5AA6A88F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-18] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-1002_Classes\CLSID\{6BE99E87-B6FB-4CC3-AE69-DFCF33303D55} -> [Tiskové exporty z Money S3] => C:\Users\Public\Documents\Solitea\Money S3\Bin\PRINT\ [0000-00-00 00:00]
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{6BE99E87-B6FB-4CC3-AE69-DFCF33303D55} -> [Tiskové exporty z Money S3] => C:\Users\Public\Documents\Solitea\Money S3\Bin\PRINT\ [0000-00-00 00:00]
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:/Program Files/PDFCreator/PDFCreatorShell.DLL -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll -> No File
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-03-03 13:38 - 2018-03-03 13:38 - 000117248 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2018-04-16 07:21 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\DTS\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1836498613-3010024522-2400828536-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run32: => "NetLockMngr"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3DC354BB-2C51-4ECF-9FCD-FE004CEB0652}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{3A1A5EA7-155E-4A81-9115-86C7467929A9}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{B75DBA7D-19F2-4B88-B485-B832807D3D27}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe No File
FirewallRules: [{03EB398A-778B-4394-A30A-C219BF29A37F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{FD43D7F5-AE42-4327-BDE1-C02FF0633FC2}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe No File
FirewallRules: [{F96BA42B-BED1-4CD3-9195-D20647CC62D1}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe No File
FirewallRules: [{4D10606E-398A-4C76-99DF-3C04C2177930}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe No File
FirewallRules: [{4BDE80D7-4205-4999-BD98-5268E30A3865}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe No File
FirewallRules: [{D9E64183-5846-4CE3-AA3E-B82A08716D3E}] => (Allow) C:\Program Files\KeyShot7\bin\keyshot_daemon.exe No File
FirewallRules: [{20F0FF85-28BD-4657-8C9C-74359394A05E}] => (Allow) C:\Program Files\KeyShot7\bin\keyshot.exe No File
FirewallRules: [{F36F0A36-25BF-4BF9-9C12-DB764BF2C3B5}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe No File
FirewallRules: [{8F93C0EF-2772-47F6-9D65-DF8CF6986A12}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe No File
FirewallRules: [{09646E77-05C4-47B0-AA7C-171071074B85}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe No File
FirewallRules: [{D1181257-C461-45FE-B2CE-F3B2A5AA1C57}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe No File
FirewallRules: [UDP Query User{F26B1BF5-25A0-4699-961A-6B2B7BA6100F}C:\users\cube\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cube\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{A1E87DFE-AAA3-4101-A14E-551A89929AE0}C:\users\cube\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cube\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [{57717DBE-EB48-46B4-9FED-D10F6A4B8766}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{2B041C67-3063-4C69-8679-5857E65964D7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{65AE5862-E184-459A-AE60-ECF47CA382A0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{116DFDF8-E9D6-466B-A19A-A497823C623E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{5FBD6234-ECD8-4145-B952-BF149E129017}] => (Allow) LPort=511
FirewallRules: [{1F579F9F-2064-4C1A-905A-4BD6B2B34675}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{C59BDAE9-2818-499A-B7AA-EF5AE699F57F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{02314169-BE0E-48EC-A316-432EF00D0A96}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe No File
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
==================== Restore Points =========================
22-08-2019 07:22:06 Instalační služba modulů systému Windows
31-08-2019 14:44:53 Naplánovaný kontrolní bod
02-09-2019 11:51:14 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/10/2019 11:10:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9648,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
Error: (09/10/2019 10:38:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2764,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
Error: (09/10/2019 10:15:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4480,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
Error: (09/10/2019 10:06:28 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:
GetCACaps
Metoda: GET(0ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (09/10/2019 10:06:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:
GetCACaps
Metoda: GET(31ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (09/10/2019 10:03:34 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:
GetCACaps
Metoda: GET(0ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (09/10/2019 10:03:22 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:
GetCACaps
Metoda: GET(16ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (09/10/2019 09:48:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
System errors:
=============
Error: (09/10/2019 10:07:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba FlexNet License Manager neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SQLWriter neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SentinelSecurityRuntime neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PDF Architect 5 Manager neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PDF Architect 5 Creator neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MSSQL$SQLEXPRESS neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Bonjour Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Windows Defender:
===================================
Date: 2019-09-08 10:25:37.395
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Ransom:Win32/Higuniel.A
ID: 2147725777
Závažnost: Vážné
Kategorie: Ransomware
Cesta: file:_C:\Users\Administrator\Desktop\EncryptionChecker.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1
Date: 2019-09-08 10:25:27.946
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Ransom:Win32/Higuniel.A
ID: 2147725777
Závažnost: Vážné
Kategorie: Ransomware
Cesta: file:_C:\Users\Administrator\Desktop\EncryptionChecker.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1
Date: 2019-09-08 10:25:19.617
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Casdet!rfn
ID: 2147727512
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Administrator\Desktop\exploit.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1
Date: 2019-09-08 10:25:14.903
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
ID: 2147735505
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Administrator\Desktop\File Encryption.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1
Date: 2019-09-08 10:24:54.106
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Ransom:Win32/Higuniel.A
ID: 2147725777
Závažnost: Vážné
Kategorie: Ransomware
Cesta: file:_C:\Users\Administrator\Desktop\EncryptionChecker.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1
Date: 2019-09-10 22:58:53.553
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
Date: 2019-09-10 22:33:53.260
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2019-09-10 22:33:53.259
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2019-09-10 22:33:53.258
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2019-09-10 22:33:53.247
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
==================== Memory info ===========================
BIOS: FUJITSU // American Megatrends Inc. V4.6.5.3 R1.19.0 for D3161-A1x 12/17/2012
Motherboard: FUJITSU D3161-A1
Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 15%
Total physical RAM: 16231.55 MB
Available physical RAM: 13676.03 MB
Total Virtual: 32615.55 MB
Available Virtual: 30183.84 MB
==================== Drives ================================
Drive a: () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
Drive c: () (Fixed) (Total:465.23 GB) (Free:315.74 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ESD-USB) (Removable) (Total:7.6 GB) (Free:0.92 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 42A6D53C)
Partition 1: (Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=541 MB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 7.6 GB) (Disk ID: 31507526)
Partition 1: (Active) - (Size=7.6 GB) - (Type=0C)
==================== End of Addition.txt ============================
Jedna sa o PC po utoku ransomware? Prisiel si o nejake subory alebo si mal zalohu?