otevírání oken

[LuckyphonyxH]

otevírání prohlížeče
podezření na troského koně prosím pomoc

• Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2019 01
  Ran by Veronika (administrator) on VERONIKA-PC (LENOVO 20023) (27-11-2019 21:51:25)
  Running from C:\Users\Veronika\Desktop
  Loaded Profiles: Veronika (Available Profiles: Veronika)
  Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
  Internet Explorer Version 11 (Default browser: Chrome)
  Boot Mode: Normal
  Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
  
  ==================== Processes (Whitelisted) =================
  
  (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  
  ( ) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-ERJ8V.tmp\MoocBook.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\1nky1jwt45z\kv2tv5dpdjl.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd\5vszy2zupf4.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak\3tiaxndvusa.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\51n0j51ornz\ntbdsdu1fct.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\530lw4d4wou\5t5k5g1ofvz.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\bco2mddg4r1\i15zv3jcti1.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr\2n3ibfg1ec5.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1\a1h5k0jauph.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\eatapus41nh\3fkmhanidm5.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn\4qg3muv2uaa.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs\xm20ix1nee4.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk\ntnum1b1rzf.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds\h0kvbbqacex.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt\p2dt5oljwnw.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\u24yc2snotw\smcgaai3a2x.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh\zcktoyfadwf.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\xggzgvlsfut\r0khvgfjtem.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl\pq3al0mevo0.exe
  ( ) [File not signed] C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk\ki3wnlvozzk.exe
  () [File not signed] C:\Program Files (x86)\MachinerData\inLJ3nrTK3AKJA75.exe
  () [File not signed] C:\Program Files (x86)\MachinerData\main.exe
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-02HL1.tmp\h0kvbbqacex.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0JFGU.tmp\p2dt5oljwnw.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-1BRU5.tmp\xm20ix1nee4.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-3REG3.tmp\ntbdsdu1fct.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-4MHR9.tmp\ntnum1b1rzf.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-5UHTJ.tmp\pq3al0mevo0.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-893SD.tmp\2n3ibfg1ec5.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-8GE4O.tmp\smcgaai3a2x.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-9LKEQ.tmp\a1h5k0jauph.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-BKIEI.tmp\3tiaxndvusa.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-DUTK1.tmp\3fkmhanidm5.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-G9204.tmp\kv2tv5dpdjl.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-HPTAU.tmp\5t5k5g1ofvz.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-I01BH.tmp\r0khvgfjtem.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-KCVFS.tmp\i15zv3jcti1.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-MPV2U.tmp\5vszy2zupf4.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-N9PHD.tmp\ki3wnlvozzk.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-QRTVQ.tmp\4qg3muv2uaa.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-S3RHP.tmp\MoocBook.tmp
  () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-TC2DF.tmp\zcktoyfadwf.tmp
  (AMS Software) [File not signed] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  (AMS Software) [File not signed] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  (AMS Software) [File not signed] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  (AMS Software) [File not signed] C:\ProgramData\WIFIService\WIFIService.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
  (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
  (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
  (Malwarebytes Inc -> Malwarebytes) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
  (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
  (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
  (Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
  (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
  (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
  (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
  (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
  
  ==================== Registry (Whitelisted) ===================
  
  (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  
  HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  HKLM\...\RunOnce: [ntpjlwwqkjz] => C:\Program Files (x86)\eCertification\650269432.exe [481280 2019-11-26] (Merit) [File not signed]
  HKLM\ DisallowedCertificates: 0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9 (U)
  HKLM\ DisallowedCertificates: 1518752920E9221E1FE1728AACAC536728B37BA7 (Trend Micro) <==== ATTENTION
  HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== ATTENTION
  HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
  HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
  HKLM\ DisallowedCertificates: 328E73F58737F1AB8DB0DA98FECFA17EB7BFAA40 (U)
  HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== ATTENTION
  HKLM\ DisallowedCertificates: 4E393AA1586C93E0BC9E7FEBCF7BFB62066DC22A (U)
  HKLM\ DisallowedCertificates: 4E564B9FBCE8F496FFF51278CCD14EE17F09A1CE (U)
  HKLM\ DisallowedCertificates: 58939B78BC28EF464220127BB754E3D130306988 (U)
  HKLM\ DisallowedCertificates: 5AACB6A43D9D806E6963937BE702B7A43C1978AE (U)
  HKLM\ DisallowedCertificates: 5DE56B2BAAA995F447949B869356528F91230A49 (U)
  HKLM\ DisallowedCertificates: 7450C07722C75E711EF24209A22F0C5C6A5BEC4E (U)
  HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
  HKLM\ DisallowedCertificates: 78C55D604474B534EB2B565CAD312FC7D71FE9DE (U)
  HKLM\ DisallowedCertificates: 816BE9397F66D1A26EFA04035BCA3BB9E3779740 (U)
  HKLM\ DisallowedCertificates: 8887AF2636E0D3B763AC4D56729218AF89653CA4 (U)
  HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
  HKLM\ DisallowedCertificates: 8B6DD299C6E4092040E98EB773F3818DF50B038D (U)
  HKLM\ DisallowedCertificates: 8DC9FE53D5F1D7D558EBE131E922730780D88865 (U)
  HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== ATTENTION
  HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
  HKLM\ DisallowedCertificates: AA8399A239AE1785200917D32C21F6B662477BE4 (U)
  HKLM\ DisallowedCertificates: AEEA60E86C66327BFBB8492C33122687AB2B5D91 (U)
  HKLM\ DisallowedCertificates: B7E607E1FB8943C634580F621788C01C962E8280 (U)
  HKLM\ DisallowedCertificates: BDEEFEC5F002E281B2292A8C72EACA468CBF9952 (U)
  HKLM\ DisallowedCertificates: BE894F99B870DA5FCA623F7F4A85D3970A46CDE1 (U)
  HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (Kaspersky Lab) <==== ATTENTION
  HKLM\ DisallowedCertificates: D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 (U)
  HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (Malwarebytes Corporation) <==== ATTENTION
  HKLM\ DisallowedCertificates: E27AA5FFDCA62A60E435292A243D0C6D43DCC513 (U)
  HKLM\ DisallowedCertificates: E4A0C1054F8025DD88EE5053094A9A61661AE123 (U)
  HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION
  HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
  HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83524968 2019-11-12] (Skype Software Sarl -> Skype Technologies S.A.)
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [9760501] => C:\Users\Veronika\AppData\Local\Temp\is-ERJ8V.tmp\MoocBook.exe [4761857 2019-11-26] ( ) [File not signed] <==== ATTENTION
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4841868] => C:\Users\Veronika\AppData\Roaming\1nky1jwt45z\kv2tv5dpdjl.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [5584817] => C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds\h0kvbbqacex.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [590287] => C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1\a1h5k0jauph.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [5665255] => C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs\xm20ix1nee4.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [7297948] => C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd\5vszy2zupf4.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2842562] => C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh\zcktoyfadwf.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [8146983] => C:\Users\Veronika\AppData\Roaming\530lw4d4wou\5t5k5g1ofvz.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2651579] => C:\Users\Veronika\AppData\Roaming\51n0j51ornz\ntbdsdu1fct.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [3207748] => C:\Users\Veronika\AppData\Roaming\eatapus41nh\3fkmhanidm5.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4302746] => C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt\p2dt5oljwnw.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4312007] => C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn\4qg3muv2uaa.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2875838] => C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk\ntnum1b1rzf.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [3234451] => C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr\2n3ibfg1ec5.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [454306] => C:\Users\Veronika\AppData\Roaming\u24yc2snotw\smcgaai3a2x.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [8750413] => C:\Users\Veronika\AppData\Roaming\bco2mddg4r1\i15zv3jcti1.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4316658] => C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk\ki3wnlvozzk.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [287421] => C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak\3tiaxndvusa.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [9157455] => C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl\pq3al0mevo0.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [1573082] => C:\Users\Veronika\AppData\Roaming\xggzgvlsfut\r0khvgfjtem.exe [4503502 2019-11-27] ( ) [File not signed]
  HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
  HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-25] (Google LLC -> Google LLC)
  GroupPolicy: Restriction ? <==== ATTENTION
  CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
  
  ==================== Scheduled Tasks (Whitelisted) ============
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  Task: {087FE49D-89E7-4FE8-95AB-598229594171} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4292608 2019-11-26] (AMS Software) [File not signed]
  Task: {09198B41-0F32-466B-BE7C-FE258EDBEF8E} - System32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947} => C:\Windows\system32\pcalua.exe -a C:\Users\Veronika\AppData\Local\Temp\Uninstall.exe -d C:\Users\Veronika\AppData\Local\Temp <==== ATTENTION
  Task: {211DADC8-BA36-437A-8D5E-A7A46BD89132} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
  Task: {3465FA29-1DF6-49BB-9B9E-BF9F4587E571} - System32\Tasks\Games\UpdateCheck_S-1-5-21-966870082-2284507984-435399636-1001 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
  Task: {34787DC9-FE1A-4C13-AA57-E2F46EB66EDF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4292608 2019-11-26] (AMS Software) [File not signed]
  Task: {4826603D-CD07-41A2-B5B1-63593DC685E8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
  Task: {74368A99-76D6-46DF-8CF3-5DC86705E409} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  Task: {9423663B-BB96-41A8-BBB2-C077893A92ED} - System32\Tasks\gXlzblTuor => C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\gXlzblTuor\gXlzblTuor.dll",gXlzblTuor <==== ATTENTION
  Task: {A08CA1F1-EDF7-475D-B42F-E43C3C153425} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
  Task: {ADE9E4EB-B17E-452E-A6DC-1D0F270D70A3} - System32\Tasks\SlimDrivers Scan => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [29877336 2018-07-09] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.)
  Task: {EBFC38AE-BF5B-4ABE-BBFD-E3F91EC0CFD8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
  Task: {FA9A9017-F87C-41D2-A392-4235B0E01DA1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
  
  (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
  
  Task: C:\Windows\Tasks\SlimDrivers Scan.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
  
  ==================== Internet (Whitelisted) ====================
  
  (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  
  Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
  Tcpip\..\Interfaces\{0750AF29-670A-49B3-87A6-18EF5ACF4A94}: [DhcpNameServer] 192.168.0.1 0.0.0.0
  Tcpip\..\Interfaces\{C30AADCB-172C-4238-836F-0A5EB4CAD793}: [DhcpNameServer] 192.168.0.1 0.0.0.0
  
  Internet Explorer:
  ==================
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
  BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
  BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
  BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
  BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
  BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
  BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
  Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
  
  FireFox:
  ========
  FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
  FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
  FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
  FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
  FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
  FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
  
  Chrome:
  =======
  CHR Profile: C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default [2019-11-27]
  CHR Extension: (Prezentace) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-21]
  CHR Extension: (Dokumenty) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-21]
  CHR Extension: (Disk Google) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-21]
  CHR Extension: (YouTube) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-21]
  CHR Extension: (Tabulky) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-21]
  CHR Extension: (Dokumenty Google offline) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-21]
  CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-13]
  CHR Extension: (Gmail) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-21]
  CHR Extension: (Chrome Media Router) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-31]
  
  ==================== Services (Whitelisted) ===================
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  R2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4292608 2019-11-26] (AMS Software) [File not signed]
  S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4292608 2019-11-26] (AMS Software) [File not signed]
  R2 Main Service; C:\Program Files (x86)\MachinerData\inLJ3nrTK3AKJA75.exe [2846208 2019-11-26] () [File not signed]
  R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-27] (Malwarebytes Inc -> Malwarebytes) [File not signed]
  R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  R2 WIFIService; C:\ProgramData\WIFIService\WIFIService.exe [4292608 2019-11-26] (AMS Software) [File not signed] <==== ATTENTION
  S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
  
  ===================== Drivers (Whitelisted) ===================
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
  R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
  R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [53800 2018-11-21] (Synaptics Incorporated -> Synaptics Incorporated)
  S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2019-11-25] (SlimWare Utilities Inc. -> )
  R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [197376 2009-10-16] (Microsoft Windows Hardware Compatibility Publisher -> SMI)
  S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\QMUdisk64.sys [X]
  S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\softaal64.sys [X]
  S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\TsNetHlpX64.sys [X]
  
  ==================== NetSvcs (Whitelisted) ===================
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  
  ==================== One month (created) ===================
  
  (If an entry is included in the fixlist, the file/folder will be moved.)
  
  2019-11-27 21:51 - 2019-11-27 21:53 - 000025735 _____ C:\Users\Veronika\Desktop\FRST.txt
  2019-11-27 21:50 - 2019-11-27 21:50 - 000007369 _____ C:\Users\Veronika\Downloads\Addition.txt
  2019-11-27 21:32 - 2019-11-27 21:52 - 000000000 ____D C:\FRST
  2019-11-27 21:32 - 2019-11-27 21:50 - 000039037 _____ C:\Users\Veronika\Downloads\FRST.txt
  2019-11-27 21:30 - 2019-11-27 21:31 - 002262016 _____ (Farbar) C:\Users\Veronika\Desktop\FRST64.exe
  2019-11-27 21:27 - 2019-11-27 21:27 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
  2019-11-27 21:27 - 2019-11-27 21:27 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
  2019-11-27 21:27 - 2019-11-27 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
  2019-11-27 21:25 - 2019-11-27 21:24 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
  2019-11-27 21:24 - 2019-11-27 21:24 - 000000000 ____D C:\ProgramData\Malwarebytes
  2019-11-27 21:22 - 2019-11-27 21:22 - 000000000 ____D C:\Program Files\Malwarebytes
  2019-11-27 21:21 - 2019-11-27 21:22 - 001883976 _____ (Malwarebytes) C:\Users\Veronika\Downloads\MBSetup.exe
  2019-11-27 21:21 - 2019-11-27 21:22 - 001883976 _____ (Malwarebytes) C:\Users\Veronika\Downloads\MBSetup (1).exe
  2019-11-27 18:54 - 2019-11-27 21:55 - 000000004 _____ C:\ProgramData\rc.dat
  2019-11-27 18:53 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\IPJFH4JKHZ
  2019-11-27 18:53 - 2019-11-27 19:03 - 000000016 _____ C:\ProgramData\irw.atsd
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000008 _____ C:\ProgramData\ts.dat
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000004 _____ C:\ProgramData\lock.dat
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\xggzgvlsfut
  2019-11-26 15:25 - 2019-11-26 15:25 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl
  2019-11-26 15:15 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\JUIQYG9EOD
  2019-11-26 15:15 - 2019-11-26 15:15 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak
  2019-11-26 15:04 - 2019-11-26 15:05 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk
  2019-11-26 14:53 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\Y8AEA5ZTBW
  2019-11-26 14:53 - 2019-11-26 14:53 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bco2mddg4r1
  2019-11-26 14:42 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\D1O9U7J0B1
  2019-11-26 14:42 - 2019-11-26 14:42 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\u24yc2snotw
  2019-11-26 14:32 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\YQU2UKK1V9
  2019-11-26 14:32 - 2019-11-26 14:32 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr
  2019-11-26 14:23 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\EFPFJ7GM61
  2019-11-26 14:22 - 2019-11-26 14:23 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk
  2019-11-26 14:10 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\ZT9NCEXCAJ
  2019-11-26 14:00 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\QJ3CEGZCB0
  2019-11-26 14:00 - 2019-11-26 14:00 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn
  2019-11-26 13:49 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\K4RUKIW5PV
  2019-11-26 13:49 - 2019-11-26 13:49 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt
  2019-11-26 13:37 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\F5N3PJ8KIB
  2019-11-26 13:37 - 2019-11-26 13:37 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\eatapus41nh
  2019-11-26 13:27 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\RL9BDDHZUZ
  2019-11-26 13:27 - 2019-11-26 13:27 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\51n0j51ornz
  2019-11-26 13:16 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\2WZXD4F86N
  2019-11-26 13:16 - 2019-11-26 13:16 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\530lw4d4wou
  2019-11-26 13:07 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\L40ZKRHTMW
  2019-11-26 13:07 - 2019-11-26 13:07 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh
  2019-11-26 12:56 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\LEMOQ9SXAM
  2019-11-26 12:56 - 2019-11-26 12:56 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd
  2019-11-26 12:50 - 2019-11-26 12:50 - 000000000 ____D C:\ProgramData\WIFIService
  2019-11-26 12:46 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\7IIVQBB6DF
  2019-11-26 12:46 - 2019-11-26 12:46 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs
  2019-11-26 12:44 - 2019-11-26 12:44 - 000003186 _____ C:\Windows\system32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947}
  2019-11-26 12:36 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\WN6Z5WTRQJ
  2019-11-26 12:36 - 2019-11-26 12:36 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1
  2019-11-26 12:31 - 2019-11-26 12:31 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds
  2019-11-26 12:28 - 2019-11-26 12:31 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\DRPSu
  2019-11-26 12:22 - 2019-11-27 21:55 - 000016712 _____ C:\Windows\system32\Tasks\gXlzblTuor
  2019-11-26 12:22 - 2019-11-27 18:52 - 000000422 __RSH C:\ProgramData\ntuser.pol
  2019-11-26 12:22 - 2019-11-26 12:22 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\ScreenToGif
  2019-11-26 12:22 - 2019-09-19 17:16 - 000000000 ____D C:\Program Files (x86)\gXlzblTuor
  2019-11-26 12:21 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\2RSAIQOU2X
  2019-11-26 12:21 - 2019-11-26 12:21 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\1nky1jwt45z
  2019-11-26 12:20 - 2019-11-26 12:20 - 000000000 ____D C:\Program Files (x86)\MachinerData
  2019-11-26 12:19 - 2019-11-26 12:22 - 000000000 ____D C:\Program Files (x86)\eCertification
  2019-11-26 12:18 - 2019-11-26 12:18 - 005916484 _____ C:\Users\Veronika\Downloads\driver-autocom-cdp-usb_bd2e186.zip
  2019-11-26 12:15 - 2019-11-26 12:15 - 013082576 _____ (TweakBit ) C:\Users\Veronika\Downloads\autocom_cdp_usb.exe
  2019-11-26 12:06 - 2019-11-26 12:06 - 000050566 _____ C:\Users\Veronika\AppData\Roaming\yuhbgv.exe
  2019-11-26 09:58 - 2019-11-26 09:58 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
  2019-11-26 09:58 - 2019-11-26 09:58 - 000001306 _____ C:\ProgramData\Desktop\Skype.lnk
  2019-11-26 09:58 - 2019-11-26 09:58 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\Skype
  2019-11-26 09:58 - 2019-11-26 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
  2019-11-25 18:49 - 2019-11-25 18:49 - 000000000 ____D C:\Program Files (x86)\Company
  2019-11-25 18:39 - 2019-11-26 12:06 - 000511600 _____ (Michael P. Mehl <michael.mehl@web.de>) C:\Users\Veronika\AppData\Roaming\brtvecet4re.exe
  2019-11-25 18:33 - 2019-11-25 18:33 - 001997312 _____ C:\Users\Veronika\AppData\Roaming\4gtrecwr3t4g.exe
  2019-11-25 18:33 - 2019-11-25 18:33 - 000000000 ____D C:\Program Files (x86)\Opura
  2019-11-25 18:30 - 2019-11-26 12:04 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\ActiveX
  2019-11-25 18:29 - 2019-11-25 18:29 - 000000000 ____D C:\ProgramData\LamiaR
  2019-11-25 07:42 - 2019-11-25 13:16 - 000000000 __SHD C:\Users\Veronika\wc
  2019-11-25 07:42 - 2019-11-25 07:42 - 000000000 __SHD C:\Users\Veronika\AppData\Roaming\wyUpdate AU
  2019-11-15 14:23 - 2019-11-27 21:06 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
  2019-11-15 14:23 - 2019-11-15 14:23 - 000002820 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
  2019-11-15 14:23 - 2019-11-15 14:23 - 000000000 ____D C:\Program Files\CCleaner
  2019-11-15 14:11 - 2019-11-15 14:11 - 000000000 ____D C:\Users\Veronika\AppData\Local\CEF
  2019-11-15 13:51 - 2019-11-15 13:51 - 000000000 ____D C:\Program Files\Common Files\Tencent
  2019-11-15 13:50 - 2019-11-15 13:50 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\QMLogEx
  2019-11-15 13:50 - 2019-11-15 13:50 - 000000000 ____D C:\ProgramData\TXQMPC
  2019-11-15 13:49 - 2019-11-15 13:49 - 000000000 ____D C:\Program Files (x86)\Tencent
  2019-11-15 13:45 - 2019-11-26 10:40 - 001560632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
  2019-11-15 07:43 - 2019-11-15 14:26 - 000000000 ____D C:\ProgramData\Tencent
  2019-11-15 07:43 - 2019-11-15 13:48 - 000633144 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000545080 _____ (Microsoft Corporation) C:\Windows\system32\vcamp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000440120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000400184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcamp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000395592 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000333632 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000267592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000244032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000185144 _____ (Microsoft Corporation) C:\Windows\system32\vcomp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000138560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000087880 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
  2019-11-15 07:42 - 2019-11-15 13:55 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\Tencent
  
  ==================== One month (modified) ==================
  
  (If an entry is included in the fixlist, the file/folder will be moved.)
  
  2019-11-27 21:52 - 2009-07-14 05:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  2019-11-27 21:52 - 2009-07-14 05:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  2019-11-27 21:16 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
  2019-11-27 20:10 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
  2019-11-27 18:52 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
  2019-11-26 12:42 - 2019-08-21 11:02 - 000000000 ____D C:\Program Files\CONEXANT
  2019-11-26 12:39 - 2019-08-21 11:26 - 000000000 ____D C:\Windows\Panther
  2019-11-26 12:22 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
  2019-11-26 12:08 - 2019-08-21 12:01 - 000000000 ____D C:\Windows\system32\MRT
  2019-11-26 12:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
  2019-11-26 10:52 - 2019-08-21 12:01 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
  2019-11-26 10:48 - 2019-08-22 10:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
  2019-11-26 10:48 - 2009-07-14 03:34 - 000000581 _____ C:\Windows\win.ini
  2019-11-26 10:40 - 2009-07-14 16:18 - 000669274 _____ C:\Windows\system32\perfh005.dat
  2019-11-26 10:40 - 2009-07-14 16:18 - 000141342 _____ C:\Windows\system32\perfc005.dat
  2019-11-26 10:40 - 2009-07-14 06:13 - 001560632 _____ C:\Windows\system32\PerfStringBackup.INI
  2019-11-26 09:31 - 2019-08-21 12:04 - 000000000 ____D C:\Users\Veronika\Desktop\Honza
  2019-11-25 13:09 - 2019-08-21 10:43 - 000013920 _____ C:\Windows\system32\Drivers\SWDUMon.sys
  2019-11-25 12:57 - 2009-07-14 06:09 - 000000000 ____D C:\Windows\system32\Tasks\WPD
  2019-11-25 08:52 - 2019-08-21 11:11 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
  2019-11-25 08:52 - 2019-08-21 11:11 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
  2019-11-25 08:52 - 2019-08-21 11:11 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
  2019-11-25 07:42 - 2019-08-21 10:34 - 000000000 ____D C:\Users\Veronika
  2019-11-25 07:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
  2019-11-20 19:18 - 2019-08-21 10:43 - 000000470 _____ C:\Windows\Tasks\SlimDrivers Scan.job
  2019-11-15 16:00 - 2019-09-21 15:00 - 000000000 ____D C:\Users\Veronika\Documents\Stronghold Crusader
  2019-11-15 13:37 - 2019-10-27 16:00 - 000000264 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
  2019-11-15 13:37 - 2019-10-27 16:00 - 000000000 ____D C:\ProgramData\Delphi
  2019-11-15 13:36 - 2019-10-27 15:59 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\Delphi
  2019-11-15 07:44 - 2019-08-21 11:09 - 000003388 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
  2019-11-15 07:44 - 2019-08-21 11:09 - 000003260 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
  2019-11-15 07:43 - 2019-08-21 11:09 - 000000000 ____D C:\Program Files (x86)\Google
  2019-11-15 07:42 - 2019-10-27 16:35 - 000000000 ____D C:\9fcdaa2dcb4d0a4db689afc6cb48e1c8
  2019-11-12 22:03 - 2019-08-21 10:52 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
  2019-10-31 19:19 - 2019-08-21 12:29 - 000000000 ____D C:\Users\Veronika\Desktop\Verča
  
  ==================== Files in the root of some directories ========
  
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000004 _____ () C:\ProgramData\lock.dat
  2019-11-27 18:54 - 2019-11-27 21:55 - 000000004 _____ () C:\ProgramData\rc.dat
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000008 _____ () C:\ProgramData\ts.dat
  2019-11-25 18:33 - 2019-11-25 18:33 - 001997312 _____ () C:\Users\Veronika\AppData\Roaming\4gtrecwr3t4g.exe
  2019-11-25 18:39 - 2019-11-26 12:06 - 000511600 _____ (Michael P. Mehl <michael.mehl@web.de>) C:\Users\Veronika\AppData\Roaming\brtvecet4re.exe
  2019-11-26 12:06 - 2019-11-26 12:06 - 000050566 _____ () C:\Users\Veronika\AppData\Roaming\yuhbgv.exe
  
  ==================== SigCheck ============================
  
  (There is no automatic fix for files that do not pass verification.)
  
  
  LastRegBack: 2019-11-26 11:52
  ==================== End of FRST.txt ========================

• Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
  Ran by Veronika (27-11-2019 21:55:47)
  Running from C:\Users\Veronika\Desktop
  Windows 7 Professional Service Pack 1 (X64) (2019-08-21 09:34:47)
  Boot Mode: Normal
  ==========================================================
  
  
  ==================== Accounts: =============================
  
  Administrator (S-1-5-21-966870082-2284507984-435399636-500 - Administrator - Disabled)
  Guest (S-1-5-21-966870082-2284507984-435399636-501 - Limited - Disabled)
  HomeGroupUser$ (S-1-5-21-966870082-2284507984-435399636-1002 - Limited - Enabled)
  Veronika (S-1-5-21-966870082-2284507984-435399636-1001 - Administrator - Enabled) => C:\Users\Veronika
  
  ==================== Security Center ========================
  
  (If an entry is included in the fixlist, it will be removed.)
  
  AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
  AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
  AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  
  ==================== Installed Programs ======================
  
  (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
  
  CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
  Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
  Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
  Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
  Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
  Lenovo EasyCamera (HKLM\...\Lenovo EasyCamera) (Version: 5.8.0.12 - Silicon Motion)
  Lenovo EasyCamera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon Motion)
  Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
  Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
  Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
  Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
  Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
  Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
  Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
  Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
  Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
  Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
  Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
  Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.101.714.2016 - Realtek)
  Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
  Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
  Skype verze 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
  SlimDrivers (HKLM-x32\...\{6DF079D7-2A57-4710-81B1-064649FF86FC}) (Version: 2.3.2 - Slimware Utilities Holdings, Inc.) Hidden
  SlimDrivers (HKLM-x32\...\SlimDrivers) (Version: 2.3.2 - Slimware Utilities Holdings, Inc.)
  Stronghold Crusader Extreme HD (HKLM-x32\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.0.0.6 - GOG.com)
  Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
  Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
  Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
  Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
  WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
  
  ==================== Custom CLSID (Whitelisted): ==============
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
  ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
  ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2000-01-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
  ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
  ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
  
  ==================== Codecs (Whitelisted) ====================
  
  ==================== Shortcuts & WMI ========================
  
  ==================== Loaded Modules (Whitelisted) =============
  
  2019-11-26 12:22 - 2019-09-19 17:16 - 003977728 _____ () [File not signed] C:\Program Files (x86)\gXlzblTuor\gXlzblTuor.dll
  2019-11-26 09:58 - 2019-11-12 18:26 - 001901568 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
  2019-11-26 09:58 - 2019-11-12 18:26 - 000115712 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
  2019-11-26 09:58 - 2019-11-12 18:26 - 004636672 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-02HL1.tmp\h0kvbbqacex.tmp
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0HNNE.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0JFGU.tmp\p2dt5oljwnw.tmp
  2019-11-27 18:54 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0VJJ2.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-1BRU5.tmp\xm20ix1nee4.tmp
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-2B7HC.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-3REG3.tmp\ntbdsdu1fct.tmp
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-4MHR9.tmp\ntnum1b1rzf.tmp
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-4SB3F.tmp\itdownload.dll
  2019-11-27 18:54 - 2019-11-27 18:54 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-5UHTJ.tmp\pq3al0mevo0.tmp
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-60RIP.tmp\itdownload.dll
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-6G5U6.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-893SD.tmp\2n3ibfg1ec5.tmp
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-8GE4O.tmp\smcgaai3a2x.tmp
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-8Q61A.tmp\itdownload.dll
  2019-11-27 18:54 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-9BAMI.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-9LKEQ.tmp\a1h5k0jauph.tmp
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-BKIEI.tmp\3tiaxndvusa.tmp
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-C3SPV.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-DUTK1.tmp\3fkmhanidm5.tmp
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-E499G.tmp\itdownload.dll
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-G02EM.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-G9204.tmp\kv2tv5dpdjl.tmp
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-GVBHH.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-HPTAU.tmp\5t5k5g1ofvz.tmp
  2019-11-27 18:53 - 2019-11-27 18:53 - 000814592 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-I01BH.tmp\r0khvgfjtem.tmp
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-II5F6.tmp\itdownload.dll
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JAB31.tmp\itdownload.dll
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JNBP8.tmp\itdownload.dll
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-K7AGM.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-KCVFS.tmp\i15zv3jcti1.tmp
  2019-11-27 18:54 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-KRUOU.tmp\itdownload.dll
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-M3SAT.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-MPV2U.tmp\5vszy2zupf4.tmp
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-N9PHD.tmp\ki3wnlvozzk.tmp
  2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-PSVVA.tmp\itdownload.dll
  2019-11-27 18:54 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-Q20IF.tmp\itdownload.dll
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-QRTVQ.tmp\4qg3muv2uaa.tmp
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-S3RHP.tmp\MoocBook.tmp
  2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-TC2DF.tmp\zcktoyfadwf.tmp
  2019-11-25 08:51 - 2019-11-26 12:19 - 064562672 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\chrome.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0HNNE.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0VJJ2.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-2B7HC.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-4SB3F.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-60RIP.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-6G5U6.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-8Q61A.tmp\idp.dll
  2019-11-27 18:54 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-9BAMI.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-C3SPV.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-E499G.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-G02EM.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-GVBHH.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-II5F6.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JAB31.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JNBP8.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-K7AGM.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-KRUOU.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-M3SAT.tmp\idp.dll
  2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-PSVVA.tmp\idp.dll
  2019-11-27 18:54 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-Q20IF.tmp\idp.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0HNNE.tmp\psvince.dll
  2019-11-27 18:54 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0VJJ2.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-2B7HC.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-4SB3F.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-60RIP.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-6G5U6.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-8Q61A.tmp\psvince.dll
  2019-11-27 18:54 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-9BAMI.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-C3SPV.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-E499G.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-G02EM.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-GVBHH.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-II5F6.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JAB31.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JNBP8.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-K7AGM.tmp\psvince.dll
  2019-11-27 18:54 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-KRUOU.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-M3SAT.tmp\psvince.dll
  2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-PSVVA.tmp\psvince.dll
  2019-11-27 18:54 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-Q20IF.tmp\psvince.dll
  
  ==================== Alternate Data Streams (Whitelisted) ========
  
  ==================== Safe Mode (Whitelisted) ==================
  
  (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
  
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
  
  ==================== Association (Whitelisted) =================
  
  ==================== Internet Explorer trusted/restricted ==========
  
  ==================== Hosts content: =========================
  
  (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
  
  2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
  
  ==================== Other Areas ===========================
  
  (Currently there is no automatic fix for this section.)
  
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\Control Panel\Desktop\\Wallpaper ->
  DNS Servers: 192.168.0.1
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
  Windows Firewall is enabled.
  
  ==================== MSCONFIG/TASK MANAGER disabled items ==
  
  ==================== FirewallRules (Whitelisted) ================
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
  FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
  FirewallRules: [{E4159AB9-30DA-4C89-B8EF-3D9F88BCE806}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
  FirewallRules: [{765AA769-3E5B-4158-B40D-DA5B67E7A886}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
  FirewallRules: [{90778EAF-685A-4D92-A006-E6FA459305F9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
  FirewallRules: [{C5CE2D95-A52F-4005-AFB9-8E5C3FDCD930}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
  FirewallRules: [{B55B725D-151C-4022-B88F-3D9E63027A5A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
  FirewallRules: [{6DE0A74D-3525-43F1-9407-D1D6D1333B62}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
  FirewallRules: [{E6982795-1F07-4AA8-AEE4-9CFEA3D47E9A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
  FirewallRules: [{DC8ACFA5-68A9-4A40-88C7-B7817A954038}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
  FirewallRules: [{459F3D1B-AD62-4573-92E1-1F3006647F14}] => (Allow) C:\Users\Veronika\AppData\Local\Temp\DriverPack-20191126122801\tools\aria2c.exe No File
  FirewallRules: [{DEDED450-F8BC-4F57-98CE-2F9412E94A01}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
  FirewallRules: [{77BF4294-EA79-4C25-ACDA-0E219DE551CF}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
  
  ==================== Restore Points =========================
  
  26-09-2019 16:08:22 Windows Update
  30-09-2019 09:27:49 Windows Update
  13-10-2019 09:07:10 Windows Update
  22-10-2019 06:16:41 Windows Update
  27-10-2019 15:21:43 Windows Update
  31-10-2019 19:38:48 Windows Update
  15-11-2019 08:02:19 Windows Update
  25-11-2019 11:38:05 Windows Update
  26-11-2019 10:24:14 Windows Update
  26-11-2019 12:31:20 DriverPack 17.11.13
  
  ==================== Faulty Device Manager Devices ============
  
  Name: softaal
  Description: softaal
  Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
  Manufacturer:
  Service: softaal
  Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
  Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
  Devices stay in this state if they have been prepared for removal.
  After you remove the device, this error disappears.Remove the device, and this error should be resolved.
  
  Name: Autocom CDP+ USB
  Description: Autocom CDP+ USB
  Class Guid:
  Manufacturer:
  Service:
  Problem: : The drivers for this device are not installed. (Code 28)
  Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
  
  Name: tencent QMUdisk
  Description: tencent QMUdisk
  Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
  Manufacturer:
  Service: QMUdisk
  Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
  Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
  Devices stay in this state if they have been prepared for removal.
  After you remove the device, this error disappears.Remove the device, and this error should be resolved.
  
  Name:
  Description:
  Class Guid:
  Manufacturer:
  Service:
  Problem: : The drivers for this device are not installed. (Code 28)
  Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
  
  Name: TsNetHlpX64.sys
  Description: TsNetHlpX64.sys
  Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
  Manufacturer:
  Service: tsnethlpx64
  Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
  Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
  Devices stay in this state if they have been prepared for removal.
  After you remove the device, this error disappears.Remove the device, and this error should be resolved.
  
  
  ==================== Event log errors: ========================
  
  Application errors:
  ==================
  Error: (11/27/2019 09:50:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
  Description: Program FRST64.exe verze 25.11.2019.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
  
  ID procesu: 142c
  
  Čas spuštění: 01d5a561c1f47df3
  
  Čas ukončení: 15
  
  Cesta k aplikaci: C:\Users\Veronika\Downloads\FRST64.exe
  
  ID hlášení:
  
  Error: (11/27/2019 09:30:31 PM) (Source: Application Error) (EventID: 1000) (User: )
  Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.448, časové razítko: 0x5dd59030
  Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.24384, časové razítko: 0x5c6e2180
  Kód výjimky: 0xc0000374
  Posun chyby: 0x000ce9a3
  ID chybujícího procesu: 0x27e8
  Čas spuštění chybující aplikace: 0x01d5a5616e96c964
  Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
  Cesta k chybujícímu modulu: C:\Windows\SysWOW64\ntdll.dll
  ID zprávy: c15f244d-1154-11ea-a5c0-1c7508558ab8
  
  Error: (11/27/2019 09:30:21 PM) (Source: Application Error) (EventID: 1000) (User: )
  Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.448, časové razítko: 0x5dd59030
  Název chybujícího modulu: Qt5Core.dll, verze: 5.13.2.0, časové razítko: 0x5dcd60b9
  Kód výjimky: 0xc0000005
  Posun chyby: 0x001b487e
  ID chybujícího procesu: 0x27e8
  Čas spuštění chybující aplikace: 0x01d5a5616e96c964
  Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
  Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
  ID zprávy: bb77fa3d-1154-11ea-a5c0-1c7508558ab8
  
  Error: (11/27/2019 09:29:57 PM) (Source: Application Error) (EventID: 1000) (User: )
  Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.448, časové razítko: 0x5dd59030
  Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.24384, časové razítko: 0x5c6e2180
  Kód výjimky: 0xc0000374
  Posun chyby: 0x000ce9a3
  ID chybujícího procesu: 0x1598
  Čas spuštění chybující aplikace: 0x01d5a561261fc4b3
  Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
  Cesta k chybujícímu modulu: C:\Windows\SysWOW64\ntdll.dll
  ID zprávy: acf85eb4-1154-11ea-a5c0-1c7508558ab8
  
  Error: (11/27/2019 09:29:12 PM) (Source: Application Error) (EventID: 1000) (User: )
  Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.448, časové razítko: 0x5dd59030
  Název chybujícího modulu: Qt5Core.dll, verze: 5.13.2.0, časové razítko: 0x5dcd60b9
  Kód výjimky: 0xc0000005
  Posun chyby: 0x001b487e
  ID chybujícího procesu: 0x1598
  Čas spuštění chybující aplikace: 0x01d5a561261fc4b3
  Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
  Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
  ID zprávy: 91ea779b-1154-11ea-a5c0-1c7508558ab8
  
  
  System errors:
  =============
  
  ==================== Memory info ===========================
  
  BIOS: LENOVO 18CN46WW(V2.55) 05/21/2010
  Motherboard: LENOVO NITU1
  Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
  Percentage of memory in use: 92%
  Total physical RAM: 3032.6 MB
  Available physical RAM: 215.86 MB
  Total Virtual: 6063.34 MB
  Available Virtual: 1630.67 MB
  
  ==================== Drives ================================
  
  Drive c: () (Fixed) (Total:465.66 GB) (Free:341.87 GB) NTFS
  
  \\?\Volume{cfbaabf1-c3f5-11e9-b0c6-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
  
  ==================== MBR & Partition Table ====================
  
  ==========================================================
  Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B40280FB)
  Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
  Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
  
  ==================== End of Addition.txt =======================

[Conder]

Ahoj

PC je naozaj pomerne dost zavirovany, ale snad to spolu zvladneme

Urob v Malwarebytes uplny sken

• Stiahni a nainstaluj Malwarebytes (MB/MBAM): https://www.malwarebytes.com/mwb-download/thankyou/
• Ignoruj skusobnu trial verziu
• Otvor Malwarebytes a vlavo klikni na "Skenovat"
• Klikni na "Vlastne skenovanie" a potom na "Nakonfigurovat skenovanie" (Nastavit sken)
• Vpravo oznac vsetky disky v PC a vlavo oznac moznost "Vyhladavat rootkity"
• Klikni na Skenovat teraz a pockaj na dokoncenie
• Po dokonceni klikni na Exportovat zhrnutie -> Skopirovat do schranky
• Skopirovany log vloz do dalsej odpovede
• Obrazkovy navod (bohuzial pre starsiu verziu): https://forum.viry.cz/viewtopic.php?f=29&t=144868

[LuckyphonyxH]

Nejde mi malvare vubec spustit píše to že ho blokuje system
Když vypnu firewall počítač sé sám restartuje

[Conder]

Pouzi rkill podla navodu kolegu:

Ulozte na plochu rkill.exe, ukoncete vsechny aplikace a spustte - kdyby ho havet blokovala, pouzijte alternativni odkaz

• http://download.bleepingcomputer.com/grinler/rkill.exe
• http://download.bleepingcomputer.com/grinler/rkill.com
• obsah logu vytvoreneho take na plose (rkill.txt) zaslete v pristi odpovedi
• nerestartujte ted pocitac jinak prijdete o ucinek rkillu

Nasledne skus opat spustit Malwarebytes podla predchadzajuceho navodu

[LuckyphonyxH]

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2019 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/27/2019 11:21:06 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\ProgramData\WIFIService\WIFIService.exe (PID: 1768) [AU-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-ERJ8V.tmp\MoocBook.exe (PID: 3664) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-ERJ8V.tmp\MoocBook.exe (PID: 3664) [T-HEUR]
* C:\Users\Veronika\AppData\Roaming\1nky1jwt45z\kv2tv5dpdjl.exe (PID: 3672) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds\h0kvbbqacex.exe (PID: 3680) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1\a1h5k0jauph.exe (PID: 3688) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs\xm20ix1nee4.exe (PID: 3696) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd\5vszy2zupf4.exe (PID: 3708) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh\zcktoyfadwf.exe (PID: 3720) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\530lw4d4wou\5t5k5g1ofvz.exe (PID: 3732) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\51n0j51ornz\ntbdsdu1fct.exe (PID: 3744) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\eatapus41nh\3fkmhanidm5.exe (PID: 3756) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt\p2dt5oljwnw.exe (PID: 3768) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn\4qg3muv2uaa.exe (PID: 3776) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk\ntnum1b1rzf.exe (PID: 3784) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr\2n3ibfg1ec5.exe (PID: 3792) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\u24yc2snotw\smcgaai3a2x.exe (PID: 3800) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\bco2mddg4r1\i15zv3jcti1.exe (PID: 3808) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk\ki3wnlvozzk.exe (PID: 3816) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak\3tiaxndvusa.exe (PID: 3824) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl\pq3al0mevo0.exe (PID: 3832) [UP-HEUR]
* C:\Users\Veronika\AppData\Roaming\xggzgvlsfut\r0khvgfjtem.exe (PID: 3840) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-253MI.tmp\ntnum1b1rzf.tmp (PID: 3864) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-81885.tmp\MoocBook.tmp (PID: 3872) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-JQNIV.tmp\4qg3muv2uaa.tmp (PID: 3880) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-JQNIV.tmp\4qg3muv2uaa.tmp (PID: 3880) [T-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-GFFQ5.tmp\smcgaai3a2x.tmp (PID: 3888) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-KH8R4.tmp\3tiaxndvusa.tmp (PID: 3896) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-KH8R4.tmp\3tiaxndvusa.tmp (PID: 3896) [T-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-JQNJ0.tmp\p2dt5oljwnw.tmp (PID: 3904) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-4KFF5.tmp\ntbdsdu1fct.tmp (PID: 3912) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-4KFF5.tmp\ntbdsdu1fct.tmp (PID: 3912) [T-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-253MJ.tmp\i15zv3jcti1.tmp (PID: 3920) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-4KFF6.tmp\2n3ibfg1ec5.tmp (PID: 3932) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-4KFF6.tmp\2n3ibfg1ec5.tmp (PID: 3932) [T-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-GB7I4.tmp\xm20ix1nee4.tmp (PID: 3940) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-81884.tmp\kv2tv5dpdjl.tmp (PID: 3948) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-5C37B.tmp\ki3wnlvozzk.tmp (PID: 3956) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-5C37B.tmp\ki3wnlvozzk.tmp (PID: 3956) [T-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-IURIO.tmp\5vszy2zupf4.tmp (PID: 3964) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-IURIP.tmp\zcktoyfadwf.tmp (PID: 3972) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-ULJLN.tmp\h0kvbbqacex.tmp (PID: 3980) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-ULJLN.tmp\h0kvbbqacex.tmp (PID: 3980) [T-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-5C37C.tmp\pq3al0mevo0.tmp (PID: 3988) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-5C37C.tmp\pq3al0mevo0.tmp (PID: 3988) [T-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-I61IR.tmp\r0khvgfjtem.tmp (PID: 3996) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-I61IR.tmp\r0khvgfjtem.tmp (PID: 3996) [T-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-VHFLU.tmp\3fkmhanidm5.tmp (PID: 4004) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-MA3BI.tmp\5t5k5g1ofvz.tmp (PID: 4012) [UP-HEUR]
* C:\Users\Veronika\AppData\Local\Temp\is-GB7I5.tmp\a1h5k0jauph.tmp (PID: 4020) [UP-HEUR]

50 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/27/2019 11:27:25 PM
Execution time: 0 hours(s), 6 minute(s), and 18 seconds(s)

[LuckyphonyxH]

Malware stale nejde spustit místo odkazu od vás se mi zobrazí reklama otevrel sme to podle linku telefonu a povedlo se mi aspon log rkillu

[Conder]

Pouzi znovu RKill:

Ulozte na plochu rkill.exe, ukoncete vsechny aplikace a spustte - kdyby ho havet blokovala, pouzijte alternativni odkaz

• http://download.bleepingcomputer.com/grinler/rkill.exe
• http://download.bleepingcomputer.com/grinler/rkill.com
• obsah logu vytvoreneho take na plose (rkill.txt) zaslete v pristi odpovedi
• nerestartujte ted pocitac jinak prijdete o ucinek rkillu

Stiahni TDSSKiller: http://www.bleepingcomputer.com/download/tdsskiller/

• Uloz na plochu a spusti ako spravca
• Potvrd licencne podmienky
• Klikni na Change parameters a oznac moznosti "Verify driver digital signature" a "Detect TDLFS file system"
• Na koniec oznac moznost "Loaded Modules" a potvrd restart PC kliknutim na Reboot Now
• Po restartovani PC by sa mal automaticky spustit TDSSKiller - klikni na "Start Scan" a pockaj na dokoncenie skenu
• V pripade nalezov ponechaj vybrane predvolene moznosti a klikni na "Continue" a v pripade vyzvy potvrd restartovanie PC
• Na disku C:\ sa vytvori textovy subor s nazvom zacinajucim na "TDSSKiller" - jeho obsah vloz do dalsej odpovede

[LuckyphonyxH]

• Rkill 2.9.1 by Lawrence Abrams (Grinler)
  http://www.bleepingcomputer.com/
  Copyright 2008-2019 BleepingComputer.com
  More Information about Rkill can be found at this link:
  http://www.bleepingcomputer.com/forums/topic308364.html
  
  Program started at: 11/28/2019 04:55:54 AM in x64 mode.
  Windows Version: Windows 7 Professional Service Pack 1
  
  Checking for Windows services to stop:
  
  * No malware services found to stop.
  
  Checking for processes to terminate:
  
  * No malware processes found to kill.
  
  Checking Registry for malware related settings:
  
  * No issues found in the Registry.
  
  Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  
  Performing miscellaneous checks:
  
  * Windows Defender Disabled
  
  [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
  "DisableAntiSpyware" = dword:00000001
  
  * Windows Firewall Disabled
  
  [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
  "EnableFirewall" = dword:00000000
  
  Searching for Missing Digital Signatures:
  
  * No issues found.
  
  Checking HOSTS File:
  
  * No issues found.
  
  Program finished at: 11/28/2019 04:56:39 AM
  Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)

při zapnutí tdsskilerru opět blokování uživatelem to samé jako malwarebytes

[JaRon]

jednorazovo zaskocim:
vykonaj co Ti napisal kolega 23:08 avsak v núdzovom rezime PC

[LuckyphonyxH]

• 19:05:07.0930 0x0660 TDSS rootkit removing tool 3.1.0.28 Apr 9 2019 21:11:46
  19:05:15.0355 0x0660 ============================================================
  19:05:15.0355 0x0660 Current date / time: 2019/11/28 19:05:15.0355
  19:05:15.0355 0x0660 SystemInfo:
  19:05:15.0355 0x0660
  19:05:15.0355 0x0660 OS Version: 6.1.7601 ServicePack: 1.0
  19:05:15.0355 0x0660 Product type: Workstation
  19:05:15.0355 0x0660 ComputerName: VERONIKA-PC
  19:05:15.0355 0x0660 UserName: Veronika
  19:05:15.0355 0x0660 Windows directory: C:\Windows
  19:05:15.0355 0x0660 System windows directory: C:\Windows
  19:05:15.0355 0x0660 Running under WOW64
  19:05:15.0355 0x0660 Processor architecture: Intel x64
  19:05:15.0355 0x0660 Number of processors: 2
  19:05:15.0355 0x0660 Page size: 0x1000
  19:05:15.0355 0x0660 Boot type: Safe boot with network
  19:05:15.0355 0x0660 CodeIntegrityOptions = 0x00000001
  19:05:15.0355 0x0660 ============================================================
  19:05:19.0006 0x0660 KLMD registered as C:\Windows\system32\drivers\77454138.sys
  19:05:19.0006 0x0660 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.24384, osProperties = 0x1
  19:05:19.0645 0x0660 System UUID: {8F2C8221-E960-54B2-AAA8-E9BC76001390}
  19:05:20.0519 0x0660 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
  19:05:20.0519 0x0660 ============================================================
  19:05:20.0519 0x0660 \Device\Harddisk0\DR0:
  19:05:20.0519 0x0660 MBR partitions:
  19:05:20.0519 0x0660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
  19:05:20.0519 0x0660 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
  19:05:20.0519 0x0660 ============================================================
  19:05:20.0628 0x0660 C: <-> \Device\Harddisk0\DR0\Partition2
  19:05:20.0628 0x0660 ============================================================
  19:05:20.0628 0x0660 Initialize success
  19:05:20.0628 0x0660 ============================================================
  19:06:45.0570 0x0218 ============================================================
  19:06:45.0570 0x0218 Scan started
  19:06:45.0570 0x0218 Mode: Manual; SigCheck; TDLFS;
  19:06:45.0570 0x0218 ============================================================
  19:06:45.0570 0x0218 KSN ping started
  19:06:45.0882 0x0218 KSN ping finished: true
  19:06:46.0631 0x0218 ================ Scan BIOS =================================
  19:06:46.0631 0x0218 BIOS info: vendor = LENOVO, version = 18CN46WW(V2.55) , releaseDate = 05/21/2010
  19:06:46.0631 0x0218 Base board info: manufacturer = LENOVO, product = NITU1, version = REFERENCE
  19:06:48.0753 0x0218 [ BACEAF2B119E6A8D97666B96479991DD, 01B95D8E17C4853F1CAA0E9815C17DBF959C7101279C8F100C38F96423178254 ] BIOS
  19:06:48.0753 0x0218 BIOS - ok
  19:06:48.0753 0x0218 ================ Scan system memory ========================
  19:06:48.0753 0x0218 System memory - ok
  19:06:48.0753 0x0218 ================ Scan services =============================
  19:06:48.0955 0x0218 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
  19:06:49.0065 0x0218 1394ohci - ok
  19:06:49.0127 0x0218 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
  19:06:49.0158 0x0218 ACPI - ok
  19:06:49.0205 0x0218 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
  19:06:49.0283 0x0218 AcpiPmi - ok
  19:06:49.0345 0x0218 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
  19:06:49.0377 0x0218 adp94xx - ok
  19:06:49.0423 0x0218 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
  19:06:49.0455 0x0218 adpahci - ok
  19:06:49.0470 0x0218 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
  19:06:49.0486 0x0218 adpu320 - ok
  19:06:49.0533 0x0218 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
  19:06:49.0579 0x0218 AeLookupSvc - ok
  19:06:49.0657 0x0218 [ 0DC2A9882540DEA4A55B08785E09D8FC, 69B15724B0034F9915AACE109A6C596D6AF2DA350FC18C9A0CD98C81CB7EDEE3 ] AFD C:\Windows\system32\drivers\afd.sys
  19:06:49.0720 0x0218 AFD - ok
  19:06:49.0767 0x0218 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
  19:06:49.0782 0x0218 agp440 - ok
  19:06:49.0813 0x0218 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
  19:06:49.0860 0x0218 ALG - ok
  19:06:49.0891 0x0218 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
  19:06:49.0907 0x0218 aliide - ok
  19:06:49.0907 0x0218 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
  19:06:49.0923 0x0218 amdide - ok
  19:06:49.0954 0x0218 [ 5BF53C072B59DBDF9CF589ED5AE261D8, E45DCEF7EFDDB09D4FB5DE81D39558D9E534818A68951A89087E1BA699A655E2 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
  19:06:50.0016 0x0218 AmdK8 - ok
  19:06:50.0032 0x0218 [ BAF4C08FEDAFDC2ABEED1B0171E73F73, C536569E17B30D93FDC7423C194306F291FCC1066D5EB159A1E8A8E7E674B64F ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
  19:06:50.0063 0x0218 AmdPPM - ok
  19:06:50.0110 0x0218 [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
  19:06:50.0125 0x0218 amdsata - ok
  19:06:50.0157 0x0218 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
  19:06:50.0172 0x0218 amdsbs - ok
  19:06:50.0203 0x0218 [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata C:\Windows\system32\drivers\amdxata.sys
  19:06:50.0219 0x0218 amdxata - ok
  19:06:50.0266 0x0218 [ EDC007E29CDF4496847F8C3F0C3824AB, F99EF3BD13D5D983B021666E8445B0E1ADCCC343F9D3A18630165933AF1B15D4 ] AppID C:\Windows\system32\drivers\appid.sys
  19:06:50.0328 0x0218 AppID - ok
  19:06:50.0359 0x0218 [ 89CB4FA7AC421A3AC98F3E9434C6525C, DECEBBAF448158334F24853604DD95FF1822630F1849C0764A01C5ADD9A7B778 ] AppIDSvc C:\Windows\System32\appidsvc.dll
  19:06:50.0391 0x0218 AppIDSvc - ok
  19:06:50.0453 0x0218 [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo C:\Windows\System32\appinfo.dll
  19:06:50.0484 0x0218 Appinfo - ok
  19:06:50.0547 0x0218 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
  19:06:50.0578 0x0218 AppMgmt - ok
  19:06:50.0593 0x0218 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
  19:06:50.0609 0x0218 arc - ok
  19:06:50.0640 0x0218 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
  19:06:50.0656 0x0218 arcsas - ok
  19:06:50.0765 0x0218 [ 660D597B7A78256734D7F3230B21B355, CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
  19:06:50.0812 0x0218 aspnet_state - ok
  19:06:50.0859 0x0218 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
  19:06:50.0983 0x0218 AsyncMac - ok
  19:06:50.0999 0x0218 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
  19:06:51.0015 0x0218 atapi - ok
  19:06:51.0077 0x0218 [ B0194AE694B7878DE338AA80FBAB881F, 9A24269B6B819F9F2EC9F1A77204301630081DCA0E94ACD242FAF38B7ECC288C ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
  19:06:51.0155 0x0218 AudioEndpointBuilder - ok
  19:06:51.0171 0x0218 [ B0194AE694B7878DE338AA80FBAB881F, 9A24269B6B819F9F2EC9F1A77204301630081DCA0E94ACD242FAF38B7ECC288C ] AudioSrv C:\Windows\System32\Audiosrv.dll
  19:06:51.0202 0x0218 AudioSrv - ok
  19:06:51.0295 0x0218 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
  19:06:51.0358 0x0218 AxInstSV - ok
  19:06:51.0405 0x0218 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
  19:06:51.0467 0x0218 b06bdrv - ok
  19:06:51.0498 0x0218 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
  19:06:51.0545 0x0218 b57nd60a - ok
  19:06:51.0623 0x0218 [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
  19:06:51.0732 0x0218 BCM43XX - ok
  19:06:51.0779 0x0218 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
  19:06:51.0810 0x0218 BDESVC - ok
  19:06:51.0857 0x0218 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
  19:06:51.0888 0x0218 Beep - ok
  19:06:51.0966 0x0218 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
  19:06:52.0200 0x0218 BFE - ok
  19:06:52.0263 0x0218 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
  19:06:52.0356 0x0218 BITS - ok
  19:06:52.0403 0x0218 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
  19:06:52.0419 0x0218 blbdrive - ok
  19:06:52.0465 0x0218 [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser C:\Windows\system32\DRIVERS\bowser.sys
  19:06:52.0497 0x0218 bowser - ok
  19:06:52.0512 0x0218 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
  19:06:52.0543 0x0218 BrFiltLo - ok
  19:06:52.0575 0x0218 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
  19:06:52.0606 0x0218 BrFiltUp - ok
  19:06:52.0653 0x0218 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
  19:06:52.0699 0x0218 Browser - ok
  19:06:52.0715 0x0218 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
  19:06:52.0777 0x0218 Brserid - ok
  19:06:52.0793 0x0218 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
  19:06:52.0809 0x0218 BrSerWdm - ok
  19:06:52.0809 0x0218 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
  19:06:52.0840 0x0218 BrUsbMdm - ok
  19:06:52.0840 0x0218 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
  19:06:52.0871 0x0218 BrUsbSer - ok
  19:06:52.0887 0x0218 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
  19:06:52.0918 0x0218 BTHMODEM - ok
  19:06:52.0949 0x0218 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
  19:06:52.0996 0x0218 bthserv - ok
  19:06:53.0043 0x0218 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
  19:06:53.0074 0x0218 cdfs - ok
  19:06:53.0136 0x0218 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
  19:06:53.0183 0x0218 cdrom - ok
  19:06:53.0230 0x0218 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
  19:06:53.0261 0x0218 CertPropSvc - ok
  19:06:53.0292 0x0218 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
  19:06:53.0323 0x0218 circlass - ok
  19:06:53.0370 0x0218 [ 3963FEC1892368DD500E6ED1F5C286CE, A04689CB07AF1C1B4B1032B0ACAD88DA3EB03D89A575C59FE602A65E8C246138 ] CLFS C:\Windows\system32\CLFS.sys
  19:06:53.0386 0x0218 CLFS - ok
  19:06:53.0448 0x0218 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  19:06:53.0464 0x0218 clr_optimization_v2.0.50727_32 - ok
  19:06:53.0511 0x0218 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
  19:06:53.0526 0x0218 clr_optimization_v2.0.50727_64 - ok
  19:06:53.0635 0x0218 [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  19:06:53.0698 0x0218 clr_optimization_v4.0.30319_32 - ok
  19:06:53.0713 0x0218 [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  19:06:53.0745 0x0218 clr_optimization_v4.0.30319_64 - ok
  19:06:53.0776 0x0218 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
  19:06:53.0807 0x0218 CmBatt - ok
  19:06:53.0838 0x0218 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
  19:06:53.0854 0x0218 cmdide - ok
  19:06:53.0901 0x0218 [ 9DE8D00626F01DBD1879A6655D7A752D, 7624FEAEC4FBB2FAC484DA295FB748136BB331032FC58B426A45802F55F5C24D ] CNG C:\Windows\system32\Drivers\cng.sys
  19:06:53.0947 0x0218 CNG - ok
  19:06:53.0979 0x0218 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
  19:06:53.0994 0x0218 Compbatt - ok
  19:06:54.0041 0x0218 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
  19:06:54.0057 0x0218 CompositeBus - ok
  19:06:54.0088 0x0218 COMSysApp - ok
  19:06:54.0103 0x0218 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
  19:06:54.0119 0x0218 crcdisk - ok
  19:06:54.0166 0x0218 [ A6875617D7943F610891B6A74E3D27C4, 97EF4E8C47C1B6A115DC6B100C45487F107DAFEB9308BCE5CC6084259D49F36C ] CryptSvc C:\Windows\system32\cryptsvc.dll
  19:06:54.0213 0x0218 CryptSvc - ok
  19:06:54.0259 0x0218 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
  19:06:54.0322 0x0218 CSC - ok
  19:06:54.0384 0x0218 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
  19:06:54.0447 0x0218 CscService - ok
  19:06:54.0525 0x0218 [ 3F1A199859B4F3F8357B2A0AF5666A54, B0ACE9384088B7D0E54CF82BF48D4FEAA518BDEF98A294BA8F5A37DFF0E45328 ] DcomLaunch C:\Windows\system32\rpcss.dll
  19:06:54.0587 0x0218 DcomLaunch - ok
  19:06:54.0618 0x0218 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
  19:06:54.0665 0x0218 defragsvc - ok
  19:06:54.0727 0x0218 [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC C:\Windows\system32\Drivers\dfsc.sys
  19:06:54.0759 0x0218 DfsC - ok
  19:06:54.0837 0x0218 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
  19:06:54.0883 0x0218 Dhcp - ok
  19:06:54.0977 0x0218 [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack C:\Windows\system32\diagtrack.dll
  19:06:55.0071 0x0218 DiagTrack - ok
  19:06:55.0102 0x0218 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
  19:06:55.0149 0x0218 discache - ok
  19:06:55.0180 0x0218 [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk C:\Windows\system32\drivers\disk.sys
  19:06:55.0195 0x0218 Disk - ok
  19:06:55.0242 0x0218 [ CD55F5355D8F55D44C9F4ED875705BD6, 321C26E3CD9F376D30F05FBDF00E96399512ED705D867E8B14793D9CE69A1C1F ] Dnscache C:\Windows\System32\dnsrslvr.dll
  19:06:55.0289 0x0218 Dnscache - ok
  19:06:55.0336 0x0218 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
  19:06:55.0398 0x0218 dot3svc - ok
  19:06:55.0445 0x0218 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
  19:06:55.0492 0x0218 DPS - ok
  19:06:55.0539 0x0218 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
  19:06:55.0570 0x0218 drmkaud - ok
  19:06:55.0617 0x0218 [ 5CEF80AE869336376F550ECAE91E424A, 49152AC35556A5629AE7A4A762FDB2112FAD1C9CDB91E6196172809F74A3149A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
  19:06:55.0663 0x0218 DXGKrnl - ok
  19:06:55.0710 0x0218 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
  19:06:55.0757 0x0218 EapHost - ok
  19:06:55.0897 0x0218 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
  19:06:56.0038 0x0218 ebdrv - ok
  19:06:56.0069 0x0218 [ CBFE191C034A6AE8C2D1770CC96EB3AF, FF20382AA49B6D69C2A881BD8F92CD4C409A5D9401870BF965D71003211601C8 ] EFS C:\Windows\System32\lsass.exe
  19:06:56.0116 0x0218 EFS - ok
  19:06:56.0163 0x0218 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
  19:06:56.0241 0x0218 ehRecvr - ok
  19:06:56.0287 0x0218 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
  19:06:56.0319 0x0218 ehSched - ok
  19:06:56.0365 0x0218 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
  19:06:56.0412 0x0218 elxstor - ok
  19:06:56.0443 0x0218 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
  19:06:56.0475 0x0218 ErrDev - ok
  19:06:56.0521 0x0218 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
  19:06:56.0584 0x0218 EventSystem - ok
  19:06:56.0615 0x0218 [ 7E45F8B117419ABA3BB26579F6E70324, 03FE86519860153E1BE571F10ACC9BA58FFB5A661C5C3EBDF3B77973BCD96C84 ] exfat C:\Windows\system32\drivers\exfat.sys
  19:06:56.0646 0x0218 exfat - ok
  19:06:56.0662 0x0218 [ 6EDFA237D25433C03F42FBFDB16BDD24, A30F89A40F7AFC475D3C2D3591FB9AFC06AE3FEBC915FDCB24ED77946FBA4E2C ] fastfat C:\Windows\system32\drivers\fastfat.sys
  19:06:56.0677 0x0218 fastfat - ok
  19:06:56.0740 0x0218 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
  19:06:56.0818 0x0218 Fax - ok
  19:06:56.0849 0x0218 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
  19:06:56.0880 0x0218 fdc - ok
  19:06:56.0911 0x0218 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
  19:06:56.0958 0x0218 fdPHost - ok
  19:06:56.0974 0x0218 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
  19:06:57.0005 0x0218 FDResPub - ok
  19:06:57.0052 0x0218 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
  19:06:57.0052 0x0218 FileInfo - ok
  19:06:57.0083 0x0218 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
  19:06:57.0130 0x0218 Filetrace - ok
  19:06:57.0130 0x0218 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
  19:06:57.0161 0x0218 flpydisk - ok
  19:06:57.0192 0x0218 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
  19:06:57.0208 0x0218 FltMgr - ok
  19:06:57.0301 0x0218 [ 785F474FB5E67E448E1931C98E8D0ABC, 911697D580CBF508A6F4A52D4F95A6976CF9A0EC3549076A8D0B5C8BD947C989 ] FontCache C:\Windows\system32\FntCache.dll
  19:06:57.0379 0x0218 FontCache - ok
  19:06:57.0442 0x0218 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
  19:06:57.0442 0x0218 FontCache3.0.0.0 - ok
  19:06:57.0473 0x0218 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
  19:06:57.0489 0x0218 FsDepends - ok
  19:06:57.0520 0x0218 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
  19:06:57.0535 0x0218 Fs_Rec - ok
  19:06:57.0582 0x0218 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
  19:06:57.0598 0x0218 fvevol - ok
  19:06:57.0613 0x0218 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
  19:06:57.0629 0x0218 gagp30kx - ok
  19:06:57.0801 0x0218 [ 16687418FA8719568091DBFB502AE2AB, D9680BC860EA3224325C9DC811D0591E89C153C867687BD7561298514A034D8A ] GoogleChromeElevationService C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\elevation_service.exe
  19:06:57.0894 0x0218 GoogleChromeElevationService - ok
  19:06:57.0972 0x0218 [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc C:\Windows\System32\gpsvc.dll
  19:06:58.0050 0x0218 gpsvc - ok
  19:06:58.0081 0x0218 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
  19:06:58.0097 0x0218 hcw85cir - ok
  19:06:58.0159 0x0218 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
  19:06:58.0191 0x0218 HdAudAddService - ok
  19:06:58.0206 0x0218 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
  19:06:58.0222 0x0218 HDAudBus - ok
  19:06:58.0269 0x0218 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
  19:06:58.0284 0x0218 HidBatt - ok
  19:06:58.0284 0x0218 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
  19:06:58.0331 0x0218 HidBth - ok
  19:06:58.0362 0x0218 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
  19:06:58.0378 0x0218 HidIr - ok
  19:06:58.0409 0x0218 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
  19:06:58.0456 0x0218 hidserv - ok
  19:06:58.0487 0x0218 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
  19:06:58.0518 0x0218 HidUsb - ok
  19:06:58.0565 0x0218 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
  19:06:58.0596 0x0218 hkmsvc - ok
  19:06:58.0643 0x0218 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
  19:06:58.0690 0x0218 HomeGroupListener - ok
  19:06:58.0737 0x0218 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
  19:06:58.0768 0x0218 HomeGroupProvider - ok
  19:06:58.0799 0x0218 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
  19:06:58.0815 0x0218 HpSAMD - ok
  19:06:58.0893 0x0218 [ CF5C9BD985120781200D35FD445D0BD5, 91B37F595A196542458CBBCDAD80779721D228A7030A34E55995DDBB06649248 ] HTTP C:\Windows\system32\drivers\HTTP.sys
  19:06:58.0939 0x0218 HTTP - ok
  19:06:58.0971 0x0218 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
  19:06:58.0986 0x0218 hwpolicy - ok
  19:06:59.0033 0x0218 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
  19:06:59.0049 0x0218 i8042prt - ok
  19:06:59.0095 0x0218 [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
  19:06:59.0127 0x0218 iaStorV - ok
  19:06:59.0189 0x0218 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
  19:06:59.0251 0x0218 idsvc - ok
  19:06:59.0283 0x0218 IEEtwCollectorService - ok
  19:06:59.0673 0x0218 [ 8814F0B9A09C647D3D7BE735450E7B4C, E82AD0DC556AE7663C1A5CE75DA3619E1614BC88F52558496FF0D569DE04E1CA ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
  19:07:00.0203 0x0218 igfx - ok
  19:07:00.0250 0x0218 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
  19:07:00.0265 0x0218 iirsp - ok
  19:07:00.0328 0x0218 [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
  19:07:00.0406 0x0218 IKEEXT - ok
  19:07:00.0437 0x0218 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
  19:07:00.0453 0x0218 intelide - ok
  19:07:00.0484 0x0218 [ 07913B69C2A3BD1358E579941416B933, 6BFA6CA428ED57695E86F9CC6F9F857DB7CFCE738FC1FD6F941BD2DF98CF34F2 ] intelppm C:\Windows\system32\drivers\intelppm.sys
  19:07:00.0515 0x0218 intelppm - ok
  19:07:00.0531 0x0218 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
  19:07:00.0593 0x0218 IPBusEnum - ok
  19:07:00.0640 0x0218 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
  19:07:00.0671 0x0218 IpFilterDriver - ok
  19:07:00.0733 0x0218 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
  19:07:00.0796 0x0218 iphlpsvc - ok
  19:07:00.0827 0x0218 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
  19:07:00.0858 0x0218 IPMIDRV - ok
  19:07:00.0889 0x0218 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
  19:07:00.0936 0x0218 IPNAT - ok
  19:07:00.0967 0x0218 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
  19:07:01.0045 0x0218 IRENUM - ok
  19:07:01.0077 0x0218 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
  19:07:01.0092 0x0218 isapnp - ok
  19:07:01.0139 0x0218 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
  19:07:01.0155 0x0218 iScsiPrt - ok
  19:07:01.0170 0x0218 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
  19:07:01.0186 0x0218 kbdclass - ok
  19:07:01.0233 0x0218 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
  19:07:01.0264 0x0218 kbdhid - ok
  19:07:01.0279 0x0218 [ CBFE191C034A6AE8C2D1770CC96EB3AF, FF20382AA49B6D69C2A881BD8F92CD4C409A5D9401870BF965D71003211601C8 ] KeyIso C:\Windows\system32\lsass.exe
  19:07:01.0295 0x0218 KeyIso - ok
  19:07:01.0342 0x0218 [ 8DF3159B0F8EFD4273C98BCC6D05EDAC, 9CED05F7119381ADE3D432238A88AB1596A243F63BE4B7B72394E93B9303E782 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
  19:07:01.0357 0x0218 KSecDD - ok
  19:07:01.0389 0x0218 [ E6DD23D3B0E56B081936C5DD8124A4B9, 8A7DD06A1821CC1D31CAB33FF299F326B5BC956B4339710DCDADAE69CE2A7E0A ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
  19:07:01.0420 0x0218 KSecPkg - ok
  19:07:01.0435 0x0218 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
  19:07:01.0482 0x0218 ksthunk - ok
  19:07:01.0529 0x0218 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
  19:07:01.0576 0x0218 KtmRm - ok
  19:07:01.0638 0x0218 [ F5E7F08D709EA323B5912E255BA63156, FF61A401ED9727FB66D9A472C89393278AEB9C5B81DD6704F1C064D6E3BB2FEA ] LanmanServer C:\Windows\system32\srvsvc.dll
  19:07:01.0654 0x0218 LanmanServer - ok
  19:07:01.0701 0x0218 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
  19:07:01.0747 0x0218 LanmanWorkstation - ok
  19:07:01.0779 0x0218 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
  19:07:01.0825 0x0218 lltdio - ok
  19:07:01.0872 0x0218 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
  19:07:01.0919 0x0218 lltdsvc - ok
  19:07:01.0935 0x0218 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
  19:07:01.0966 0x0218 lmhosts - ok
  19:07:02.0028 0x0218 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
  19:07:02.0044 0x0218 LSI_FC - ok
  19:07:02.0044 0x0218 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
  19:07:02.0059 0x0218 LSI_SAS - ok
  19:07:02.0075 0x0218 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
  19:07:02.0091 0x0218 LSI_SAS2 - ok
  19:07:02.0091 0x0218 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
  19:07:02.0106 0x0218 LSI_SCSI - ok
  19:07:02.0137 0x0218 [ 5416CEB2916BBE635288C4D1075B045E, BEFF99052206C0D774CFFF14AC3305C397726B289B17666C2AD2706C261F2FF0 ] luafv C:\Windows\system32\drivers\luafv.sys
  19:07:02.0169 0x0218 luafv - ok
  19:07:02.0449 0x0218 [ 7FF734742775BD68C626D0EE76E2E933, 5CD0A0C6EE904B3ED61D05923C0DEAACF49623828DC331DD3D5C77BB06B4F053 ] MBAMInstallerService C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
  19:07:02.0777 0x0218 MBAMInstallerService - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:02.0964 0x0218 Detect skipped due to KSN trusted
  19:07:02.0964 0x0218 MBAMInstallerService - ok
  19:07:03.0245 0x0218 [ 3C6F0D0A69269D79EAAE6525C9802141, 65A265E68B32D5EB87EB256581962F7F75548CEBC78CB330C62E3E8A511C1012 ] MBAMService C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
  19:07:03.0604 0x0218 MBAMService - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:03.0744 0x0218 Detect skipped due to KSN trusted
  19:07:03.0744 0x0218 MBAMService - ok
  19:07:03.0791 0x0218 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
  19:07:03.0807 0x0218 Mcx2Svc - ok
  19:07:03.0838 0x0218 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
  19:07:03.0853 0x0218 megasas - ok
  19:07:03.0885 0x0218 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
  19:07:03.0916 0x0218 MegaSR - ok
  19:07:03.0947 0x0218 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
  19:07:03.0994 0x0218 MMCSS - ok
  19:07:04.0009 0x0218 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
  19:07:04.0041 0x0218 Modem - ok
  19:07:04.0087 0x0218 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
  19:07:04.0103 0x0218 monitor - ok
  19:07:04.0119 0x0218 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
  19:07:04.0134 0x0218 mouclass - ok
  19:07:04.0165 0x0218 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
  19:07:04.0181 0x0218 mouhid - ok
  19:07:04.0212 0x0218 [ 0C22BF88FB8E50DF1AB9CA564D0BD270, 98AF1D0A22BD5C4D9047FC158237BC71A45E869C15494F869B828ED637B20219 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
  19:07:04.0228 0x0218 mountmgr - ok
  19:07:04.0275 0x0218 [ 3665AB2F67F4024F5F3F80335ED5322A, BE3DC246F176E00D7611A7E16FBC22615199F49EBCB4C90B0C107294E592BF8D ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
  19:07:04.0290 0x0218 MpFilter - ok
  19:07:04.0337 0x0218 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
  19:07:04.0353 0x0218 mpio - ok
  19:07:04.0384 0x0218 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
  19:07:04.0431 0x0218 mpsdrv - ok
  19:07:04.0493 0x0218 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
  19:07:04.0571 0x0218 MpsSvc - ok
  19:07:04.0618 0x0218 [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
  19:07:04.0665 0x0218 MRxDAV - ok
  19:07:04.0711 0x0218 [ B11FA8D7E00EC9AD45F8B4978FF20911, 2C6B46AD81FE6BE744B0B2CCCC5F0D72E6AD61F1ADD8E2A7FAF8AF94AC988B9D ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
  19:07:04.0727 0x0218 mrxsmb - ok
  19:07:04.0774 0x0218 [ 5FA417B4F52BB09D669D16E97416E2DF, 7C978250D739152CC8AF03C2D07013DDDE8508BE8A1EEC2E9BBCB7E3D651F951 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
  19:07:04.0805 0x0218 mrxsmb10 - ok
  19:07:04.0821 0x0218 [ 58D3CFDC91BADCB3B2871C10E30A6AB1, 773043ECB58659B0CC6D5646E702A63C33C41927BE919668F7499ECD3FB8EB66 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
  19:07:04.0836 0x0218 mrxsmb20 - ok
  19:07:04.0883 0x0218 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
  19:07:04.0883 0x0218 msahci - ok
  19:07:04.0930 0x0218 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
  19:07:04.0945 0x0218 msdsm - ok
  19:07:04.0977 0x0218 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
  19:07:04.0992 0x0218 MSDTC - ok
  19:07:05.0055 0x0218 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
  19:07:05.0101 0x0218 Msfs - ok
  19:07:05.0117 0x0218 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
  19:07:05.0164 0x0218 mshidkmdf - ok
  19:07:05.0195 0x0218 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
  19:07:05.0211 0x0218 msisadrv - ok
  19:07:05.0257 0x0218 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
  19:07:05.0304 0x0218 MSiSCSI - ok
  19:07:05.0304 0x0218 msiserver - ok
  19:07:05.0351 0x0218 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
  19:07:05.0398 0x0218 MSKSSRV - ok
  19:07:05.0491 0x0218 [ 5ADED2C1239D7BD798E2C4EF9EAA1FA3, 6A462DAC110015F3E59610202714120C557674019A0196680B72031C50D7C474 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
  19:07:05.0507 0x0218 MsMpSvc - ok
  19:07:05.0523 0x0218 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
  19:07:05.0554 0x0218 MSPCLOCK - ok
  19:07:05.0569 0x0218 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
  19:07:05.0616 0x0218 MSPQM - ok
  19:07:05.0663 0x0218 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
  19:07:05.0679 0x0218 MsRPC - ok
  19:07:05.0725 0x0218 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
  19:07:05.0741 0x0218 mssmbios - ok
  19:07:05.0741 0x0218 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
  19:07:05.0803 0x0218 MSTEE - ok
  19:07:05.0803 0x0218 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
  19:07:05.0819 0x0218 MTConfig - ok
  19:07:05.0835 0x0218 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
  19:07:05.0850 0x0218 Mup - ok
  19:07:05.0913 0x0218 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
  19:07:05.0975 0x0218 napagent - ok
  19:07:06.0022 0x0218 [ 9FB2A095B1166CB3C9A06651863B3452, 808105C59C2D28C390FDE0CA48690A5CD052DE3D7F7327864EB45F80187D5BE9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
  19:07:06.0069 0x0218 NativeWifiP - ok
  19:07:06.0147 0x0218 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
  19:07:06.0193 0x0218 NDIS - ok
  19:07:06.0240 0x0218 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
  19:07:06.0271 0x0218 NdisCap - ok
  19:07:06.0303 0x0218 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
  19:07:06.0349 0x0218 NdisTapi - ok
  19:07:06.0381 0x0218 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
  19:07:06.0427 0x0218 Ndisuio - ok
  19:07:06.0474 0x0218 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
  19:07:06.0521 0x0218 NdisWan - ok
  19:07:06.0552 0x0218 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
  19:07:06.0599 0x0218 NDProxy - ok
  19:07:06.0646 0x0218 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
  19:07:06.0693 0x0218 NetBIOS - ok
  19:07:06.0739 0x0218 [ 734837208CAFD6E0959A7A0333C95C9D, 0B7CD6E3CE43ABE021DBE6516492E326265EC0273F2F4297187CE70602CB8CE1 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
  19:07:06.0771 0x0218 NetBT - ok
  19:07:06.0771 0x0218 [ CBFE191C034A6AE8C2D1770CC96EB3AF, FF20382AA49B6D69C2A881BD8F92CD4C409A5D9401870BF965D71003211601C8 ] Netlogon C:\Windows\system32\lsass.exe
  19:07:06.0786 0x0218 Netlogon - ok
  19:07:06.0817 0x0218 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
  19:07:06.0864 0x0218 Netman - ok
  19:07:06.0927 0x0218 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
  19:07:06.0989 0x0218 NetMsmqActivator - ok
  19:07:06.0989 0x0218 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
  19:07:07.0005 0x0218 NetPipeActivator - ok
  19:07:07.0051 0x0218 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
  19:07:07.0114 0x0218 netprofm - ok
  19:07:07.0114 0x0218 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
  19:07:07.0129 0x0218 NetTcpActivator - ok
  19:07:07.0145 0x0218 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
  19:07:07.0161 0x0218 NetTcpPortSharing - ok
  19:07:07.0192 0x0218 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
  19:07:07.0192 0x0218 nfrd960 - ok
  19:07:07.0223 0x0218 [ CE5F6E635FE4506AE6F2D6EB87425128, 3DB5ECF7CD2F2C3C010AA40CE57F1B3856E284BBA359FBC41A1B340E3180FD5F ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
  19:07:07.0239 0x0218 NisDrv - ok
  19:07:07.0285 0x0218 [ D630B510E1E3FF6BA12B705F47F115D9, 05D76065D5D9A82E53EA18CD2D0184338681A7BBD3CD5D6C44D1FA5CB1C63640 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
  19:07:07.0317 0x0218 NisSrv - ok
  19:07:07.0332 0x0218 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
  19:07:07.0363 0x0218 NlaSvc - ok
  19:07:07.0395 0x0218 [ 67D863F5D9BBCCDA58F5E1CE34F25349, 38985F67686872BF111E9447D4C2798325CD593238AA418614B562A39A348D6D ] Npfs C:\Windows\system32\drivers\Npfs.sys
  19:07:07.0426 0x0218 Npfs - ok
  19:07:07.0473 0x0218 [ 668B9EFF5CCA4542F435D2CD9CE3C778, 7409EF35D1DC0DE2BAB752694981FFA1F1855C7F11310366B80BD1EC3513262E ] nsi C:\Windows\system32\nsisvc.dll
  19:07:07.0488 0x0218 nsi - ok
  19:07:07.0519 0x0218 [ BE313E566EEA2A4B7F9AAC9782A567D4, 377C624737B1A4FBC1DFF988F029B8ED9A368827C33A4FEEBA1B7937A87C2B47 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
  19:07:07.0551 0x0218 nsiproxy - ok
  19:07:07.0629 0x0218 [ 1065D9AFE491706EB00AD3CBB76C9E54, 7014029663FC61932EACC07682A66EE5483F11968EF58DE9766A9D77238C6812 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
  19:07:07.0707 0x0218 Ntfs - ok
  19:07:07.0738 0x0218 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
  19:07:07.0785 0x0218 Null - ok
  19:07:07.0831 0x0218 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys
  19:07:07.0847 0x0218 nvraid - ok
  19:07:07.0863 0x0218 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys
  19:07:07.0878 0x0218 nvstor - ok
  19:07:07.0925 0x0218 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
  19:07:07.0941 0x0218 nv_agp - ok
  19:07:07.0987 0x0218 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
  19:07:08.0003 0x0218 ohci1394 - ok
  19:07:08.0065 0x0218 [ B197683E3828E48E8258E13B99A02EF9, 9C5C712DC2AD1B559FB14891E7C53395447821FC7F60D843FC7AC0DAA90FEA68 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
  19:07:08.0081 0x0218 ose64 - ok
  19:07:08.0315 0x0218 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
  19:07:08.0533 0x0218 osppsvc - ok
  19:07:08.0580 0x0218 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
  19:07:08.0627 0x0218 p2pimsvc - ok
  19:07:08.0658 0x0218 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
  19:07:08.0705 0x0218 p2psvc - ok
  19:07:08.0736 0x0218 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
  19:07:08.0752 0x0218 Parport - ok
  19:07:08.0799 0x0218 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
  19:07:08.0814 0x0218 partmgr - ok
  19:07:08.0845 0x0218 [ 87A74F576070B44D6A6CD5D35E16323F, 885A13EBEFFD3CA0E6F463A900023D6312A45DA75B2BA5484DD5A04D7E1492B5 ] PcaSvc C:\Windows\System32\pcasvc.dll
  19:07:08.0892 0x0218 PcaSvc - ok
  19:07:08.0923 0x0218 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
  19:07:08.0939 0x0218 pci - ok
  19:07:08.0970 0x0218 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
  19:07:08.0986 0x0218 pciide - ok
  19:07:09.0033 0x0218 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
  19:07:09.0048 0x0218 pcmcia - ok
  19:07:09.0064 0x0218 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
  19:07:09.0079 0x0218 pcw - ok
  19:07:09.0142 0x0218 [ BE1A9309CD755AF6CC74028016BADCC7, CFCED7C13F6DA0A13A98AA169F15FE4944B779549E8A57D2591AD2D13EA214D9 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
  19:07:09.0173 0x0218 PEAUTH - ok
  19:07:09.0251 0x0218 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
  19:07:09.0345 0x0218 PeerDistSvc - ok
  19:07:09.0454 0x0218 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
  19:07:09.0516 0x0218 PerfHost - ok
  19:07:09.0610 0x0218 [ BC5F8C5C7ACCD0B884FCB8B67616F537, 5C99E9D7E7095CED52B1F5F4A569E54F124602C573DD2B25731E0D57FDA22A27 ] pla C:\Windows\system32\pla.dll
  19:07:09.0688 0x0218 pla - ok
  19:07:09.0735 0x0218 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
  19:07:09.0766 0x0218 PlugPlay - ok
  19:07:09.0797 0x0218 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
  19:07:09.0828 0x0218 PNRPAutoReg - ok
  19:07:09.0859 0x0218 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
  19:07:09.0891 0x0218 PNRPsvc - ok
  19:07:09.0937 0x0218 [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
  19:07:09.0984 0x0218 PolicyAgent - ok
  19:07:10.0031 0x0218 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
  19:07:10.0062 0x0218 Power - ok
  19:07:10.0109 0x0218 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
  19:07:10.0171 0x0218 PptpMiniport - ok
  19:07:10.0171 0x0218 [ E1356522ED0770373D9F3F348A1A4CD8, 2CF982A84D188EE225CEFCC7D459026C5CD0EBCEE67BC8EBAADFF5DB8FEB0BC9 ] Processor C:\Windows\system32\drivers\processr.sys
  19:07:10.0203 0x0218 Processor - ok
  19:07:10.0249 0x0218 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
  19:07:10.0296 0x0218 ProfSvc - ok
  19:07:10.0312 0x0218 [ CBFE191C034A6AE8C2D1770CC96EB3AF, FF20382AA49B6D69C2A881BD8F92CD4C409A5D9401870BF965D71003211601C8 ] ProtectedStorage C:\Windows\system32\lsass.exe
  19:07:10.0327 0x0218 ProtectedStorage - ok
  19:07:10.0374 0x0218 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
  19:07:10.0421 0x0218 Psched - ok
  19:07:10.0483 0x0218 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
  19:07:10.0561 0x0218 ql2300 - ok
  19:07:10.0593 0x0218 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
  19:07:10.0608 0x0218 ql40xx - ok
  19:07:10.0655 0x0218 QMUdisk - ok
  19:07:10.0686 0x0218 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
  19:07:10.0717 0x0218 QWAVE - ok
  19:07:10.0717 0x0218 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
  19:07:10.0749 0x0218 QWAVEdrv - ok
  19:07:10.0764 0x0218 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
  19:07:10.0811 0x0218 RasAcd - ok
  19:07:10.0842 0x0218 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
  19:07:10.0889 0x0218 RasAgileVpn - ok
  19:07:10.0920 0x0218 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
  19:07:10.0967 0x0218 RasAuto - ok
  19:07:11.0014 0x0218 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
  19:07:11.0061 0x0218 Rasl2tp - ok
  19:07:11.0092 0x0218 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
  19:07:11.0154 0x0218 RasMan - ok
  19:07:11.0185 0x0218 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
  19:07:11.0232 0x0218 RasPppoe - ok
  19:07:11.0248 0x0218 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
  19:07:11.0295 0x0218 RasSstp - ok
  19:07:11.0341 0x0218 [ FB45727105E27756B3252572A138FA19, B11A375C7377C2DD02175921F5A3BBD23191207DE76DB220ACF72BD5CF74E09A ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
  19:07:11.0373 0x0218 rdbss - ok
  19:07:11.0404 0x0218 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
  19:07:11.0419 0x0218 rdpbus - ok
  19:07:11.0435 0x0218 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
  19:07:11.0482 0x0218 RDPCDD - ok
  19:07:11.0529 0x0218 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
  19:07:11.0575 0x0218 RDPDR - ok
  19:07:11.0607 0x0218 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
  19:07:11.0638 0x0218 RDPENCDD - ok
  19:07:11.0653 0x0218 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
  19:07:11.0685 0x0218 RDPREFMP - ok
  19:07:11.0716 0x0218 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
  19:07:11.0763 0x0218 RDPWD - ok
  19:07:11.0794 0x0218 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
  19:07:11.0825 0x0218 rdyboost - ok
  19:07:11.0841 0x0218 [ 0301EEE83B03229F555C6F8025FB5540, 3ABBA482E59FF9FC831A0FEA75A8C937BAE5077108A0EB3F89205C72FEDC2CD9 ] RemoteAccess C:\Windows\System32\mprdim.dll
  19:07:11.0872 0x0218 RemoteAccess - ok
  19:07:11.0903 0x0218 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
  19:07:11.0965 0x0218 RemoteRegistry - ok
  19:07:11.0981 0x0218 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
  19:07:12.0028 0x0218 RpcEptMapper - ok
  19:07:12.0059 0x0218 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
  19:07:12.0075 0x0218 RpcLocator - ok
  19:07:12.0121 0x0218 [ 3F1A199859B4F3F8357B2A0AF5666A54, B0ACE9384088B7D0E54CF82BF48D4FEAA518BDEF98A294BA8F5A37DFF0E45328 ] RpcSs C:\Windows\system32\rpcss.dll
  19:07:12.0153 0x0218 RpcSs - ok
  19:07:12.0184 0x0218 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
  19:07:12.0231 0x0218 rspndr - ok
  19:07:12.0293 0x0218 [ B60402C00CFBA993BF17B5F88C84F38B, 6014F3A28557EF211AFCD7E6B6668619B7FBFF40BCB3404F47ADCF8F43D574DD ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
  19:07:12.0387 0x0218 RTL8167 - ok
  19:07:12.0449 0x0218 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
  19:07:12.0480 0x0218 s3cap - ok
  19:07:12.0496 0x0218 [ CBFE191C034A6AE8C2D1770CC96EB3AF, FF20382AA49B6D69C2A881BD8F92CD4C409A5D9401870BF965D71003211601C8 ] SamSs C:\Windows\system32\lsass.exe
  19:07:12.0511 0x0218 SamSs - ok
  19:07:12.0574 0x0218 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
  19:07:12.0589 0x0218 sbp2port - ok
  19:07:12.0667 0x0218 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
  19:07:12.0714 0x0218 SCardSvr - ok
  19:07:12.0761 0x0218 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
  19:07:12.0808 0x0218 scfilter - ok
  19:07:12.0870 0x0218 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
  19:07:12.0964 0x0218 Schedule - ok
  19:07:13.0011 0x0218 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
  19:07:13.0057 0x0218 SCPolicySvc - ok
  19:07:13.0089 0x0218 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
  19:07:13.0135 0x0218 SDRSVC - ok
  19:07:13.0182 0x0218 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
  19:07:13.0198 0x0218 secdrv - ok
  19:07:13.0245 0x0218 [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon C:\Windows\system32\seclogon.dll
  19:07:13.0276 0x0218 seclogon - ok
  19:07:13.0307 0x0218 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
  19:07:13.0338 0x0218 SENS - ok
  19:07:13.0354 0x0218 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
  19:07:13.0385 0x0218 SensrSvc - ok
  19:07:13.0416 0x0218 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
  19:07:13.0432 0x0218 Serenum - ok
  19:07:13.0447 0x0218 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
  19:07:13.0463 0x0218 Serial - ok
  19:07:13.0510 0x0218 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
  19:07:13.0510 0x0218 sermouse - ok
  19:07:13.0572 0x0218 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
  19:07:13.0619 0x0218 SessionEnv - ok
  19:07:13.0650 0x0218 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
  19:07:13.0681 0x0218 sffdisk - ok
  19:07:13.0697 0x0218 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
  19:07:13.0713 0x0218 sffp_mmc - ok
  19:07:13.0728 0x0218 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
  19:07:13.0744 0x0218 sffp_sd - ok
  19:07:13.0775 0x0218 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
  19:07:13.0806 0x0218 sfloppy - ok
  19:07:13.0822 0x0218 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
  19:07:13.0884 0x0218 SharedAccess - ok
  19:07:13.0931 0x0218 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
  19:07:13.0993 0x0218 ShellHWDetection - ok
  19:07:14.0009 0x0218 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
  19:07:14.0025 0x0218 SiSRaid2 - ok
  19:07:14.0040 0x0218 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
  19:07:14.0056 0x0218 SiSRaid4 - ok
  19:07:14.0103 0x0218 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
  19:07:14.0165 0x0218 Smb - ok
  19:07:14.0181 0x0218 [ 17E3634CC92B9C268B713DE077CDB6F9, 6B2764135DC3F12D43D1035A4E6F15EA0B123371E34DCC8AE2DCED3D5FD49E56 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
  19:07:14.0196 0x0218 SmbDrvI - ok
  19:07:14.0243 0x0218 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
  19:07:14.0259 0x0218 SNMPTRAP - ok
  19:07:14.0259 0x0218 softaal - ok
  19:07:14.0290 0x0218 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
  19:07:14.0305 0x0218 spldr - ok
  19:07:14.0352 0x0218 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
  19:07:14.0430 0x0218 Spooler - ok
  19:07:14.0571 0x0218 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
  19:07:14.0742 0x0218 sppsvc - ok
  19:07:14.0789 0x0218 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
  19:07:14.0836 0x0218 sppuinotify - ok
  19:07:14.0883 0x0218 [ FB3B156F331F2F86E63FD5FCEE946DEA, 110C728E8486B56466FC92DD3D86B0499DDF4A93D7B258A555EC579557A125CE ] srv C:\Windows\system32\DRIVERS\srv.sys
  19:07:14.0929 0x0218 srv - ok
  19:07:14.0961 0x0218 [ 8CCC6C4C350C6837CD3A1C79B19AF3D1, E746052653E96CD4BC205B437305FFB24D2ECA061EF79D1F4164163E8A9D185B ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
  19:07:15.0007 0x0218 srv2 - ok
  19:07:15.0023 0x0218 [ 884764A6F0AF7C880BD04510934303D6, EF593BA65C3F7F2957A369CC8914157F27343CA41A3A2FEBD5C824E7F0000FE2 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
  19:07:15.0039 0x0218 srvnet - ok
  19:07:15.0085 0x0218 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
  19:07:15.0148 0x0218 SSDPSRV - ok
  19:07:15.0163 0x0218 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
  19:07:15.0210 0x0218 SstpSvc - ok
  19:07:15.0241 0x0218 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
  19:07:15.0241 0x0218 stexstor - ok
  19:07:15.0304 0x0218 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
  19:07:15.0351 0x0218 stisvc - ok
  19:07:15.0397 0x0218 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
  19:07:15.0413 0x0218 storflt - ok
  19:07:15.0429 0x0218 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
  19:07:15.0460 0x0218 StorSvc - ok
  19:07:15.0475 0x0218 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
  19:07:15.0491 0x0218 storvsc - ok
  19:07:15.0538 0x0218 [ 04CF20310145DEC63D5387BEAFF77D9A, 5017AF8C2DFBFE1F9946FF5AF229D62D141118EA923EEFA994EB4C7B52DEF208 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
  19:07:15.0553 0x0218 SWDUMon - ok
  19:07:15.0585 0x0218 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
  19:07:15.0600 0x0218 swenum - ok
  19:07:15.0647 0x0218 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
  19:07:15.0694 0x0218 swprv - ok
  19:07:15.0803 0x0218 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
  19:07:15.0897 0x0218 SysMain - ok
  19:07:15.0959 0x0218 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
  19:07:15.0990 0x0218 TabletInputService - ok
  19:07:16.0037 0x0218 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
  19:07:16.0099 0x0218 TapiSrv - ok
  19:07:16.0193 0x0218 [ 7FB36A0A036ADDACE0A868E4A43C1C27, AFDCD57C49D06F31C02F37C81B67BA148CDC9B62AD62B771925D31339DDA9012 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
  19:07:16.0271 0x0218 Tcpip - ok
  19:07:16.0349 0x0218 [ 7FB36A0A036ADDACE0A868E4A43C1C27, AFDCD57C49D06F31C02F37C81B67BA148CDC9B62AD62B771925D31339DDA9012 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
  19:07:16.0396 0x0218 TCPIP6 - ok
  19:07:16.0443 0x0218 [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
  19:07:16.0489 0x0218 tcpipreg - ok
  19:07:16.0521 0x0218 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
  19:07:16.0552 0x0218 TDPIPE - ok
  19:07:16.0583 0x0218 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
  19:07:16.0614 0x0218 TDTCP - ok
  19:07:16.0661 0x0218 [ 4DD986720F7CB7A8A5D1226793097B9A, 9020375B45E9C966BF44CF425C127D7E0EC82EB99C7047F225C25402FF97743D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
  19:07:16.0677 0x0218 tdx - ok
  19:07:16.0708 0x0218 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
  19:07:16.0723 0x0218 TermDD - ok
  19:07:16.0786 0x0218 [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService C:\Windows\System32\termsrv.dll
  19:07:16.0848 0x0218 TermService - ok
  19:07:16.0879 0x0218 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
  19:07:16.0911 0x0218 Themes - ok
  19:07:16.0942 0x0218 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
  19:07:16.0973 0x0218 THREADORDER - ok
  19:07:16.0989 0x0218 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
  19:07:17.0020 0x0218 TrkWks - ok
  19:07:17.0082 0x0218 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
  19:07:17.0113 0x0218 TrustedInstaller - ok
  19:07:17.0129 0x0218 tsnethlpx64 - ok
  19:07:17.0160 0x0218 [ 2CF58216424757ED29605B4F18EC443C, 9D523FC075F7F41A17F60617670A976A8F2F2943444515DC3834720BDC37DFA0 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
  19:07:17.0176 0x0218 tssecsrv - ok
  19:07:17.0207 0x0218 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
  19:07:17.0254 0x0218 TsUsbFlt - ok
  19:07:17.0301 0x0218 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
  19:07:17.0347 0x0218 tunnel - ok
  19:07:17.0379 0x0218 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
  19:07:17.0394 0x0218 uagp35 - ok
  19:07:17.0441 0x0218 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
  19:07:17.0488 0x0218 udfs - ok
  19:07:17.0550 0x0218 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
  19:07:17.0566 0x0218 UI0Detect - ok
  19:07:17.0597 0x0218 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
  19:07:17.0613 0x0218 uliagpkx - ok
  19:07:17.0659 0x0218 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
  19:07:17.0691 0x0218 umbus - ok
  19:07:17.0722 0x0218 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
  19:07:17.0753 0x0218 UmPass - ok
  19:07:17.0784 0x0218 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
  19:07:17.0815 0x0218 UmRdpService - ok
  19:07:17.0847 0x0218 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
  19:07:17.0909 0x0218 upnphost - ok
  19:07:17.0925 0x0218 [ 9E68E917FB4B5C983438969643F53BEF, 7148BF1E7AFAFA025A51AA9A26B90ED85328B41C7F7791CB3460D9CF53245985 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
  19:07:17.0971 0x0218 usbccgp - ok
  19:07:18.0003 0x0218 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
  19:07:18.0034 0x0218 usbcir - ok
  19:07:18.0065 0x0218 [ 3F9D3902CE931E2A28DD8452AE915B67, C8BF042DD84FB2E3AE7FCDBA65923611FCBDAFD6410E42A5E58F8995D99AE16C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
  19:07:18.0112 0x0218 usbehci - ok
  19:07:18.0143 0x0218 [ 86B65EEBC03B936DE8B26E5A18D98FA2, 2981CF5A0FB6B6FE0A38363EA4804DB743C45E3E6E72DC3A2260F583377717C8 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
  19:07:18.0190 0x0218 usbhub - ok
  19:07:18.0205 0x0218 [ 099C2931C6F73EB1B9E13C560F61B50D, 83B64A52173243526E380C8FA0D913C7B07C2AF1806ECC4EC0D0B5523A7CBFAA ] usbohci C:\Windows\system32\drivers\usbohci.sys
  19:07:18.0221 0x0218 usbohci - ok
  19:07:18.0252 0x0218 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
  19:07:18.0283 0x0218 usbprint - ok
  19:07:18.0330 0x0218 [ DF4D962EC7D1C1109B121239712C1299, 9E657E14F2B262B31C16E75B9DD04253B3B30192C54ED7A502BDF56ABE474C3A ] usbsmi C:\Windows\system32\DRIVERS\SMIksdrv.sys
  19:07:18.0361 0x0218 usbsmi - ok
  19:07:18.0393 0x0218 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
  19:07:18.0439 0x0218 USBSTOR - ok
  19:07:18.0455 0x0218 [ 5D7651347C7D702F4A5DE53603DC024F, F55532D13AB2FF6D4B6058113AF2710AC5C87059C9000942CF517198BABCD6F5 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
  19:07:18.0502 0x0218 usbuhci - ok
  19:07:18.0533 0x0218 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
  19:07:18.0580 0x0218 usbvideo - ok
  19:07:18.0611 0x0218 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
  19:07:18.0658 0x0218 UxSms - ok
  19:07:18.0673 0x0218 [ CBFE191C034A6AE8C2D1770CC96EB3AF, FF20382AA49B6D69C2A881BD8F92CD4C409A5D9401870BF965D71003211601C8 ] VaultSvc C:\Windows\system32\lsass.exe
  19:07:18.0689 0x0218 VaultSvc - ok
  19:07:18.0751 0x0218 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
  19:07:18.0767 0x0218 vdrvroot - ok
  19:07:18.0814 0x0218 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
  19:07:18.0861 0x0218 vds - ok
  19:07:18.0892 0x0218 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
  19:07:18.0907 0x0218 vga - ok
  19:07:18.0923 0x0218 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
  19:07:18.0954 0x0218 VgaSave - ok
  19:07:19.0001 0x0218 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
  19:07:19.0017 0x0218 vhdmp - ok
  19:07:19.0048 0x0218 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
  19:07:19.0063 0x0218 viaide - ok
  19:07:19.0110 0x0218 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
  19:07:19.0126 0x0218 vmbus - ok
  19:07:19.0157 0x0218 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
  19:07:19.0173 0x0218 VMBusHID - ok
  19:07:19.0188 0x0218 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
  19:07:19.0204 0x0218 volmgr - ok
  19:07:19.0235 0x0218 [ 85C5468BC395819AE2A0C747334BA14C, 75EB4751F90F3347229442A5622539383CE0B1834EE7B995260D0D433BA2E25F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
  19:07:19.0266 0x0218 volmgrx - ok
  19:07:19.0297 0x0218 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
  19:07:19.0313 0x0218 volsnap - ok
  19:07:19.0344 0x0218 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
  19:07:19.0360 0x0218 vsmraid - ok
  19:07:19.0453 0x0218 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
  19:07:19.0563 0x0218 VSS - ok
  19:07:19.0578 0x0218 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
  19:07:19.0609 0x0218 vwifibus - ok
  19:07:19.0625 0x0218 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
  19:07:19.0672 0x0218 vwififlt - ok
  19:07:19.0703 0x0218 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
  19:07:19.0781 0x0218 W32Time - ok
  19:07:19.0797 0x0218 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
  19:07:19.0828 0x0218 WacomPen - ok
  19:07:19.0890 0x0218 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
  19:07:19.0921 0x0218 WANARP - ok
  19:07:19.0937 0x0218 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
  19:07:19.0984 0x0218 Wanarpv6 - ok
  19:07:20.0062 0x0218 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
  19:07:20.0124 0x0218 WatAdminSvc - ok
  19:07:20.0218 0x0218 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
  19:07:20.0311 0x0218 wbengine - ok
  19:07:20.0358 0x0218 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
  19:07:20.0389 0x0218 WbioSrvc - ok
  19:07:20.0436 0x0218 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
  19:07:20.0467 0x0218 wcncsvc - ok
  19:07:20.0499 0x0218 [ BC00873272B3771CCDA38336AF2B4D4B, 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
  19:07:20.0530 0x0218 WcsPlugInService - ok
  19:07:20.0545 0x0218 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
  19:07:20.0561 0x0218 Wd - ok
  19:07:20.0623 0x0218 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
  19:07:20.0670 0x0218 Wdf01000 - ok
  19:07:20.0701 0x0218 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
  19:07:20.0733 0x0218 WdiServiceHost - ok
  19:07:20.0733 0x0218 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
  19:07:20.0748 0x0218 WdiSystemHost - ok
  19:07:20.0795 0x0218 [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient C:\Windows\System32\webclnt.dll
  19:07:20.0811 0x0218 WebClient - ok
  19:07:20.0857 0x0218 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
  19:07:20.0904 0x0218 Wecsvc - ok
  19:07:20.0935 0x0218 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
  19:07:20.0967 0x0218 wercplsupport - ok
  19:07:20.0998 0x0218 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
  19:07:21.0045 0x0218 WerSvc - ok
  19:07:21.0076 0x0218 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
  19:07:21.0107 0x0218 WfpLwf - ok
  19:07:21.0123 0x0218 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
  19:07:21.0138 0x0218 WIMMount - ok
  19:07:21.0169 0x0218 WinDefend - ok
  19:07:21.0201 0x0218 WinHttpAutoProxySvc - ok
  19:07:21.0247 0x0218 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
  19:07:21.0310 0x0218 Winmgmt - ok
  19:07:21.0419 0x0218 [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM C:\Windows\system32\WsmSvc.dll
  19:07:21.0528 0x0218 WinRM - ok
  19:07:21.0575 0x0218 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
  19:07:21.0591 0x0218 WinUsb - ok
  19:07:21.0653 0x0218 [ 4B7912EB80820EAC543EE54806EFCAF0, 4D9186F9FE80F03C85C4DC73342EE5870DF1021BD29974BE33557CEA0D524667 ] Wlansvc C:\Windows\System32\wlansvc.dll
  19:07:21.0715 0x0218 Wlansvc - ok
  19:07:21.0747 0x0218 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
  19:07:21.0762 0x0218 WmiAcpi - ok
  19:07:21.0809 0x0218 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
  19:07:21.0840 0x0218 wmiApSrv - ok
  19:07:21.0871 0x0218 WMPNetworkSvc - ok
  19:07:21.0887 0x0218 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
  19:07:21.0934 0x0218 WPCSvc - ok
  19:07:21.0981 0x0218 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
  19:07:22.0012 0x0218 WPDBusEnum - ok
  19:07:22.0043 0x0218 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
  19:07:22.0074 0x0218 ws2ifsl - ok
  19:07:22.0105 0x0218 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
  19:07:22.0121 0x0218 wscsvc - ok
  19:07:22.0121 0x0218 WSearch - ok
  19:07:22.0261 0x0218 [ 88009DB9E1166B6B6713A858C176FECD, CBF4C63D3C5D14AF3C3F0D9C48E5AC9E7A4323BFB0363E9948FD801963BE1467 ] wuauserv C:\Windows\system32\wuaueng.dll
  19:07:22.0386 0x0218 wuauserv - ok
  19:07:22.0464 0x0218 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
  19:07:22.0480 0x0218 WudfPf - ok
  19:07:22.0495 0x0218 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
  19:07:22.0511 0x0218 WUDFRd - ok
  19:07:22.0542 0x0218 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
  19:07:22.0558 0x0218 wudfsvc - ok
  19:07:22.0605 0x0218 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
  19:07:22.0636 0x0218 WwanSvc - ok
  19:07:22.0651 0x0218 ================ Scan global ===============================
  19:07:22.0698 0x0218 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
  19:07:22.0745 0x0218 [ D854A409B41B6017BB3CBA4F0C86609D, 301536A0997F4C7F00BB63A1C75122E98629A811265B1EFDE342CEF36FD94566 ] C:\Windows\system32\winsrv.dll
  19:07:22.0761 0x0218 [ D854A409B41B6017BB3CBA4F0C86609D, 301536A0997F4C7F00BB63A1C75122E98629A811265B1EFDE342CEF36FD94566 ] C:\Windows\system32\winsrv.dll
  19:07:22.0776 0x0218 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
  19:07:22.0823 0x0218 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
  19:07:22.0839 0x0218 [ Global ] - ok
  19:07:22.0839 0x0218 ================ Scan MBR ==================================
  19:07:22.0839 0x0218 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
  19:07:23.0088 0x0218 \Device\Harddisk0\DR0 - ok
  19:07:23.0088 0x0218 ================ Scan VBR ==================================
  19:07:23.0088 0x0218 [ 545DBA64322BA09E00375E8C59C4E5E4 ] \Device\Harddisk0\DR0\Partition1
  19:07:23.0088 0x0218 \Device\Harddisk0\DR0\Partition1 - ok
  19:07:23.0104 0x0218 [ AE287B2C05C028C06205B55824D9D8BE ] \Device\Harddisk0\DR0\Partition2
  19:07:23.0104 0x0218 \Device\Harddisk0\DR0\Partition2 - ok
  19:07:23.0104 0x0218 ================ Scan generic autorun ======================
  19:07:23.0151 0x0218 [ 3CD0E54D977C28CA50FBE3E40C6F7D0F, 45720F7B11603BBE6ADE056770C25692212503D38BA68CB0550988872E40E2F1 ] C:\Windows\system32\igfxtray.exe
  19:07:23.0166 0x0218 IgfxTray - ok
  19:07:23.0182 0x0218 [ 4E2B2F3B7FD17CA06C74F5B54AD476A2, 221BA5FE7CFEE54882902A6AD29B5202201448F1ADC189ECD6F631A186DE34D8 ] C:\Windows\system32\hkcmd.exe
  19:07:23.0197 0x0218 HotKeysCmds - ok
  19:07:23.0229 0x0218 [ 4E592C92850A9A2C0E3BF702A60C0908, E374ED24F9C67227CAA20B321032BDEA9FFD3A16E61D2D6138A8DD45DAEBECE9 ] C:\Windows\system32\igfxpers.exe
  19:07:23.0244 0x0218 Persistence - ok
  19:07:23.0338 0x0218 [ 7A727248EBC065BD2BB94A9B2892D190, B1E12ED3D07963EF0FA09B3ECD8AC3FBD316733D968A99C958DF7026B1BDFD99 ] c:\Program Files\Microsoft Security Client\msseces.exe
  19:07:23.0416 0x0218 MSC - ok
  19:07:23.0650 0x0218 [ 872FA6C761820BAB243D5293317B6F27, 604DA06227D6F1DDA507BD4B16BAFF237477DEB3DE5E8966D14A8B9F1EFADA68 ] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
  19:07:23.0978 0x0218 Malwarebytes TrayApp - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:24.0149 0x0218 Detect skipped due to KSN trusted
  19:07:24.0149 0x0218 Malwarebytes TrayApp - ok
  19:07:24.0274 0x0218 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
  19:07:24.0430 0x0218 Sidebar - ok
  19:07:24.0461 0x0218 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
  19:07:24.0492 0x0218 mctadmin - ok
  19:07:24.0524 0x0218 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
  19:07:24.0570 0x0218 Sidebar - ok
  19:07:24.0570 0x0218 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
  19:07:24.0602 0x0218 mctadmin - ok
  19:07:24.0664 0x0218 [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\System32\StikyNot.exe
  19:07:24.0695 0x0218 RESTART_STICKY_NOTES - ok
  19:07:24.0726 0x0218 CCleaner Smart Cleaning - ok
  19:07:24.0789 0x0218 Skype for Desktop - ok
  19:07:25.0054 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Local\Temp\is-ERJ8V.tmp\MoocBook.exe
  19:07:25.0241 0x0218 9760501 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:25.0491 0x0218 9760501 ( UnsignedFile.Multi.Generic ) - warning
  19:07:25.0928 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\1nky1jwt45z\kv2tv5dpdjl.exe
  19:07:26.0115 0x0218 4841868 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:26.0115 0x0218 4841868 ( UnsignedFile.Multi.Generic ) - warning
  19:07:26.0115 0x0218 Force sending object to P2P due to detect: C:\Users\Veronika\AppData\Roaming\1nky1jwt45z\kv2tv5dpdjl.exe
  19:07:26.0396 0x0218 Object send P2P result: true
  19:07:26.0754 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds\h0kvbbqacex.exe
  19:07:26.0957 0x0218 5584817 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:26.0957 0x0218 5584817 ( UnsignedFile.Multi.Generic ) - warning
  19:07:27.0347 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1\a1h5k0jauph.exe
  19:07:27.0550 0x0218 590287 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:27.0550 0x0218 590287 ( UnsignedFile.Multi.Generic ) - warning
  19:07:27.0924 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs\xm20ix1nee4.exe
  19:07:28.0112 0x0218 5665255 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:28.0112 0x0218 5665255 ( UnsignedFile.Multi.Generic ) - warning
  19:07:28.0408 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd\5vszy2zupf4.exe
  19:07:28.0595 0x0218 7297948 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:28.0595 0x0218 7297948 ( UnsignedFile.Multi.Generic ) - warning
  19:07:28.0985 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh\zcktoyfadwf.exe
  19:07:29.0172 0x0218 2842562 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:29.0172 0x0218 2842562 ( UnsignedFile.Multi.Generic ) - warning
  19:07:29.0562 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\530lw4d4wou\5t5k5g1ofvz.exe
  19:07:29.0750 0x0218 8146983 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:29.0750 0x0218 8146983 ( UnsignedFile.Multi.Generic ) - warning
  19:07:30.0140 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\51n0j51ornz\ntbdsdu1fct.exe
  19:07:30.0327 0x0218 2651579 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:30.0327 0x0218 2651579 ( UnsignedFile.Multi.Generic ) - warning
  19:07:30.0764 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\eatapus41nh\3fkmhanidm5.exe
  19:07:30.0951 0x0218 3207748 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:30.0951 0x0218 3207748 ( UnsignedFile.Multi.Generic ) - warning
  19:07:31.0341 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt\p2dt5oljwnw.exe
  19:07:31.0528 0x0218 4302746 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:31.0528 0x0218 4302746 ( UnsignedFile.Multi.Generic ) - warning
  19:07:31.0918 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn\4qg3muv2uaa.exe
  19:07:32.0105 0x0218 4312007 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:32.0105 0x0218 4312007 ( UnsignedFile.Multi.Generic ) - warning
  19:07:32.0105 0x0218 Force sending object to P2P due to detect: C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn\4qg3muv2uaa.exe
  19:07:32.0464 0x0218 Object send P2P result: true
  19:07:32.0823 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk\ntnum1b1rzf.exe
  19:07:33.0010 0x0218 2875838 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:33.0010 0x0218 2875838 ( UnsignedFile.Multi.Generic ) - warning
  19:07:33.0010 0x0218 Force sending object to P2P due to detect: C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk\ntnum1b1rzf.exe
  19:07:33.0384 0x0218 Object send P2P result: true
  19:07:33.0712 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr\2n3ibfg1ec5.exe
  19:07:33.0915 0x0218 3234451 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:33.0915 0x0218 3234451 ( UnsignedFile.Multi.Generic ) - warning
  19:07:34.0305 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\u24yc2snotw\smcgaai3a2x.exe
  19:07:34.0476 0x0218 454306 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:34.0476 0x0218 454306 ( UnsignedFile.Multi.Generic ) - warning
  19:07:34.0835 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\bco2mddg4r1\i15zv3jcti1.exe
  19:07:35.0038 0x0218 8750413 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:35.0038 0x0218 8750413 ( UnsignedFile.Multi.Generic ) - warning
  19:07:35.0444 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk\ki3wnlvozzk.exe
  19:07:35.0646 0x0218 4316658 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:35.0646 0x0218 4316658 ( UnsignedFile.Multi.Generic ) - warning
  19:07:36.0036 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak\3tiaxndvusa.exe
  19:07:36.0224 0x0218 287421 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:36.0224 0x0218 287421 ( UnsignedFile.Multi.Generic ) - warning
  19:07:36.0629 0x0218 [ 096B40BDA327AD0A0E40E1E3A680E221, 261DA69DA189DFEDC303BF546D221C6EAEA3492EAC6C5C5348DA5D93BA7F9105 ] C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl\pq3al0mevo0.exe
  19:07:36.0832 0x0218 9157455 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:36.0832 0x0218 9157455 ( UnsignedFile.Multi.Generic ) - warning
  19:07:37.0191 0x0218 [ C2460B442A292B66CE15B5641A88B946, 97BFC273795D05DF377367B35C540ECD1763AA476B4CA2C3BE0054CBE51BAA24 ] C:\Users\Veronika\AppData\Roaming\xggzgvlsfut\r0khvgfjtem.exe
  19:07:37.0378 0x0218 1573082 - detected UnsignedFile.Multi.Generic ( 1 )
  19:07:37.0581 0x0218 1573082 ( UnsignedFile.Multi.Generic ) - warning
  19:07:38.0064 0x0218 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.10.209.0 ), 0x60000 ( disabled : updated )
  19:07:38.0080 0x0218 Win FW state via NFP2: disabled ( trusted )
  19:07:38.0423 0x0218 ============================================================
  19:07:38.0423 0x0218 Scan finished
  19:07:38.0423 0x0218 ============================================================
  19:07:38.0423 0x00d8 Detected object count: 20
  19:07:38.0423 0x00d8 Actual detected object count: 20
  19:16:28.0964 0x00d8 9760501 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:28.0964 0x00d8 9760501 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:28.0980 0x00d8 4841868 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:28.0980 0x00d8 4841868 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:28.0980 0x00d8 5584817 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:28.0980 0x00d8 5584817 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:28.0980 0x00d8 590287 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:28.0980 0x00d8 590287 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:28.0996 0x00d8 5665255 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:28.0996 0x00d8 5665255 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:28.0996 0x00d8 7297948 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:28.0996 0x00d8 7297948 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:28.0996 0x00d8 2842562 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:28.0996 0x00d8 2842562 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:28.0996 0x00d8 8146983 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:28.0996 0x00d8 8146983 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0011 0x00d8 2651579 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0011 0x00d8 2651579 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0011 0x00d8 3207748 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0011 0x00d8 3207748 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0011 0x00d8 4302746 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0011 0x00d8 4302746 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0027 0x00d8 4312007 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0027 0x00d8 4312007 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0027 0x00d8 2875838 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0027 0x00d8 2875838 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0027 0x00d8 3234451 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0027 0x00d8 3234451 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0042 0x00d8 454306 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0042 0x00d8 454306 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0042 0x00d8 8750413 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0042 0x00d8 8750413 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0042 0x00d8 4316658 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0042 0x00d8 4316658 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0042 0x00d8 287421 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0042 0x00d8 287421 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0058 0x00d8 9157455 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0058 0x00d8 9157455 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19:16:29.0058 0x00d8 1573082 ( UnsignedFile.Multi.Generic ) - skipped by user
  19:16:29.0058 0x00d8 1573082 ( UnsignedFile.Multi.Generic ) - User select action: Skip

[Conder]

Poprosim o obidva nove logy z FRST.

[LuckyphonyxH]

• Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2019 01
  Ran by Veronika (administrator) on VERONIKA-PC (LENOVO 20023) (28-11-2019 22:16:55)
  Running from C:\Users\Veronika\Desktop
  Loaded Profiles: Veronika (Available Profiles: Veronika)
  Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
  Internet Explorer Version 11 (Default browser: Chrome)
  Boot Mode: Safe Mode (with Networking)
  Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
  
  ==================== Processes (Whitelisted) =================
  
  (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  (Malwarebytes Inc -> Malwarebytes) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
  
  ==================== Registry (Whitelisted) ===================
  
  (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  
  HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [5397144 2019-11-28] (Malwarebytes Inc -> Malwarebytes) [File not signed]
  HKLM\ DisallowedCertificates: 0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9 (U)
  HKLM\ DisallowedCertificates: 1518752920E9221E1FE1728AACAC536728B37BA7 (Trend Micro) <==== ATTENTION
  HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== ATTENTION
  HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
  HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
  HKLM\ DisallowedCertificates: 328E73F58737F1AB8DB0DA98FECFA17EB7BFAA40 (U)
  HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== ATTENTION
  HKLM\ DisallowedCertificates: 4E393AA1586C93E0BC9E7FEBCF7BFB62066DC22A (U)
  HKLM\ DisallowedCertificates: 4E564B9FBCE8F496FFF51278CCD14EE17F09A1CE (U)
  HKLM\ DisallowedCertificates: 58939B78BC28EF464220127BB754E3D130306988 (U)
  HKLM\ DisallowedCertificates: 5AACB6A43D9D806E6963937BE702B7A43C1978AE (U)
  HKLM\ DisallowedCertificates: 5DE56B2BAAA995F447949B869356528F91230A49 (U)
  HKLM\ DisallowedCertificates: 7450C07722C75E711EF24209A22F0C5C6A5BEC4E (U)
  HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
  HKLM\ DisallowedCertificates: 78C55D604474B534EB2B565CAD312FC7D71FE9DE (U)
  HKLM\ DisallowedCertificates: 816BE9397F66D1A26EFA04035BCA3BB9E3779740 (U)
  HKLM\ DisallowedCertificates: 8887AF2636E0D3B763AC4D56729218AF89653CA4 (U)
  HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
  HKLM\ DisallowedCertificates: 8B6DD299C6E4092040E98EB773F3818DF50B038D (U)
  HKLM\ DisallowedCertificates: 8DC9FE53D5F1D7D558EBE131E922730780D88865 (U)
  HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== ATTENTION
  HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
  HKLM\ DisallowedCertificates: AA8399A239AE1785200917D32C21F6B662477BE4 (U)
  HKLM\ DisallowedCertificates: AEEA60E86C66327BFBB8492C33122687AB2B5D91 (U)
  HKLM\ DisallowedCertificates: B7E607E1FB8943C634580F621788C01C962E8280 (U)
  HKLM\ DisallowedCertificates: BDEEFEC5F002E281B2292A8C72EACA468CBF9952 (U)
  HKLM\ DisallowedCertificates: BE894F99B870DA5FCA623F7F4A85D3970A46CDE1 (U)
  HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (Kaspersky Lab) <==== ATTENTION
  HKLM\ DisallowedCertificates: D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 (U)
  HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (Malwarebytes Corporation) <==== ATTENTION
  HKLM\ DisallowedCertificates: E27AA5FFDCA62A60E435292A243D0C6D43DCC513 (U)
  HKLM\ DisallowedCertificates: E4A0C1054F8025DD88EE5053094A9A61661AE123 (U)
  HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION
  HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
  HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83524968 2019-11-12] (Skype Software Sarl -> Skype Technologies S.A.)
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [9760501] => C:\Users\Veronika\AppData\Local\Temp\is-ERJ8V.tmp\MoocBook.exe [4761857 2019-11-26] ( ) [File not signed] <==== ATTENTION
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4841868] => C:\Users\Veronika\AppData\Roaming\1nky1jwt45z\kv2tv5dpdjl.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [5584817] => C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds\h0kvbbqacex.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [590287] => C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1\a1h5k0jauph.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [5665255] => C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs\xm20ix1nee4.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [7297948] => C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd\5vszy2zupf4.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2842562] => C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh\zcktoyfadwf.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [8146983] => C:\Users\Veronika\AppData\Roaming\530lw4d4wou\5t5k5g1ofvz.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2651579] => C:\Users\Veronika\AppData\Roaming\51n0j51ornz\ntbdsdu1fct.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [3207748] => C:\Users\Veronika\AppData\Roaming\eatapus41nh\3fkmhanidm5.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4302746] => C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt\p2dt5oljwnw.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4312007] => C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn\4qg3muv2uaa.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2875838] => C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk\ntnum1b1rzf.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [3234451] => C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr\2n3ibfg1ec5.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [454306] => C:\Users\Veronika\AppData\Roaming\u24yc2snotw\smcgaai3a2x.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [8750413] => C:\Users\Veronika\AppData\Roaming\bco2mddg4r1\i15zv3jcti1.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4316658] => C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk\ki3wnlvozzk.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [287421] => C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak\3tiaxndvusa.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [9157455] => C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl\pq3al0mevo0.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [1573082] => C:\Users\Veronika\AppData\Roaming\xggzgvlsfut\r0khvgfjtem.exe [4503502 2019-11-27] ( ) [File not signed]
  HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
  HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-25] (Google LLC -> Google LLC)
  GroupPolicy: Restriction ? <==== ATTENTION
  CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
  
  ==================== Scheduled Tasks (Whitelisted) ============
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  Task: {09198B41-0F32-466B-BE7C-FE258EDBEF8E} - System32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947} => C:\Windows\system32\pcalua.exe -a C:\Users\Veronika\AppData\Local\Temp\Uninstall.exe -d C:\Users\Veronika\AppData\Local\Temp <==== ATTENTION
  Task: {0D0CAA98-189C-43CC-8C61-6692A66695E5} - System32\Tasks\{E8B74DA1-6F67-48C6-8507-82F8BA07D1D9} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe [16544280 2019-11-27] (Malwarebytes Inc -> Malwarebytes) [File not signed]
  Task: {211DADC8-BA36-437A-8D5E-A7A46BD89132} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
  Task: {4826603D-CD07-41A2-B5B1-63593DC685E8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
  Task: {9423663B-BB96-41A8-BBB2-C077893A92ED} - System32\Tasks\gXlzblTuor => C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\gXlzblTuor\gXlzblTuor.dll",gXlzblTuor <==== ATTENTION
  Task: {A08CA1F1-EDF7-475D-B42F-E43C3C153425} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
  Task: {ADE9E4EB-B17E-452E-A6DC-1D0F270D70A3} - System32\Tasks\SlimDrivers Scan => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [29877336 2018-07-09] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.)
  Task: {DC948EA8-4265-483A-8DB2-0A126DC149AE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  Task: {EBFC38AE-BF5B-4ABE-BBFD-E3F91EC0CFD8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
  Task: {FA9A9017-F87C-41D2-A392-4235B0E01DA1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
  
  (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
  
  Task: C:\Windows\Tasks\SlimDrivers Scan.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
  
  ==================== Internet (Whitelisted) ====================
  
  (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  
  Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
  Tcpip\..\Interfaces\{0750AF29-670A-49B3-87A6-18EF5ACF4A94}: [DhcpNameServer] 192.168.0.1 0.0.0.0
  Tcpip\..\Interfaces\{C30AADCB-172C-4238-836F-0A5EB4CAD793}: [DhcpNameServer] 192.168.0.1 0.0.0.0
  
  Internet Explorer:
  ==================
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
  BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
  BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
  BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
  BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
  BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
  BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
  Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
  
  FireFox:
  ========
  FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
  FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
  FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
  FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
  FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
  FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
  
  Chrome:
  =======
  CHR Profile: C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default [2019-11-28]
  CHR Extension: (Prezentace) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-21]
  CHR Extension: (Dokumenty) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-21]
  CHR Extension: (Disk Google) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-21]
  CHR Extension: (YouTube) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-21]
  CHR Extension: (Tabulky) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-21]
  CHR Extension: (Dokumenty Google offline) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-21]
  CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-13]
  CHR Extension: (Gmail) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-21]
  CHR Extension: (Chrome Media Router) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-31]
  
  ==================== Services (Whitelisted) ===================
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  S2 MBAMInstallerService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe [5217992 2019-11-27] (Malwarebytes Inc -> Malwarebytes) [File not signed]
  R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-27] (Malwarebytes Inc -> Malwarebytes) [File not signed]
  R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
  
  ===================== Drivers (Whitelisted) ===================
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
  S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
  R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [53800 2018-11-21] (Synaptics Incorporated -> Synaptics Incorporated)
  S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2019-11-25] (SlimWare Utilities Inc. -> )
  S3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [197376 2009-10-16] (Microsoft Windows Hardware Compatibility Publisher -> SMI)
  S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\QMUdisk64.sys [X]
  S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\softaal64.sys [X]
  S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\TsNetHlpX64.sys [X]
  
  ==================== NetSvcs (Whitelisted) ===================
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  
  ==================== One month (created) ===================
  
  (If an entry is included in the fixlist, the file/folder will be moved.)
  
  2019-11-28 22:16 - 2019-11-28 22:17 - 000019965 _____ C:\Users\Veronika\Desktop\FRST.txt
  2019-11-28 19:05 - 2019-11-28 19:20 - 000210310 _____ C:\TDSSKiller.3.1.0.28_28.11.2019_19.05.07_log.txt
  2019-11-28 19:03 - 2019-11-28 19:05 - 000070042 _____ C:\Windows\ntbtlog.txt
  2019-11-28 18:58 - 2019-11-28 18:58 - 000000000 ____D C:\Users\Veronika\AppData\Local\mbamtray
  2019-11-28 04:55 - 2019-11-28 04:54 - 004962800 _____ C:\Users\Veronika\Desktop\tdsskiller.zip
  2019-11-28 04:55 - 2019-04-09 19:14 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Veronika\Desktop\TDSSKiller.exe
  2019-11-28 04:54 - 2019-11-28 04:54 - 004962800 _____ C:\Users\Veronika\Downloads\tdsskiller.zip
  2019-11-27 23:21 - 2019-11-28 04:56 - 000002476 _____ C:\Users\Veronika\Desktop\Rkill.txt
  2019-11-27 23:19 - 2019-11-27 23:20 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Veronika\Downloads\rkill (1).com
  2019-11-27 23:19 - 2019-11-27 23:19 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Veronika\Downloads\rkill.com
  2019-11-27 23:11 - 2019-11-27 23:14 - 054199488 _____ (Malwarebytes ) C:\Users\Veronika\Downloads\mb3-setup-consumer-3.0.5.1299.exe
  2019-11-27 23:10 - 2019-11-27 23:10 - 000002980 _____ C:\Windows\system32\Tasks\{E8B74DA1-6F67-48C6-8507-82F8BA07D1D9}
  2019-11-27 21:50 - 2019-11-27 21:50 - 000007369 _____ C:\Users\Veronika\Downloads\Addition.txt
  2019-11-27 21:32 - 2019-11-28 22:17 - 000000000 ____D C:\FRST
  2019-11-27 21:32 - 2019-11-27 21:50 - 000039037 _____ C:\Users\Veronika\Downloads\FRST.txt
  2019-11-27 21:30 - 2019-11-27 21:31 - 002262016 _____ (Farbar) C:\Users\Veronika\Desktop\FRST64.exe
  2019-11-27 21:27 - 2019-11-28 19:21 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
  2019-11-27 21:27 - 2019-11-27 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
  2019-11-27 21:25 - 2019-11-27 23:00 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
  2019-11-27 21:24 - 2019-11-27 21:24 - 000000000 ____D C:\ProgramData\Malwarebytes
  2019-11-27 21:22 - 2019-11-27 21:22 - 000000000 ____D C:\Program Files\Malwarebytes
  2019-11-27 21:21 - 2019-11-27 21:22 - 001883976 _____ (Malwarebytes) C:\Users\Veronika\Downloads\MBSetup (1).exe
  2019-11-27 18:54 - 2019-11-27 23:29 - 000000004 _____ C:\ProgramData\rc.dat
  2019-11-27 18:53 - 2019-11-27 23:30 - 000000004 _____ C:\ProgramData\lock.dat
  2019-11-27 18:53 - 2019-11-27 23:10 - 000000056 _____ C:\ProgramData\irw.atsd
  2019-11-27 18:53 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\IPJFH4JKHZ
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000008 _____ C:\ProgramData\ts.dat
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\xggzgvlsfut
  2019-11-26 15:25 - 2019-11-26 15:25 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl
  2019-11-26 15:15 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\JUIQYG9EOD
  2019-11-26 15:15 - 2019-11-26 15:15 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak
  2019-11-26 15:04 - 2019-11-26 15:05 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk
  2019-11-26 14:53 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\Y8AEA5ZTBW
  2019-11-26 14:53 - 2019-11-26 14:53 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bco2mddg4r1
  2019-11-26 14:42 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\D1O9U7J0B1
  2019-11-26 14:42 - 2019-11-26 14:42 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\u24yc2snotw
  2019-11-26 14:32 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\YQU2UKK1V9
  2019-11-26 14:32 - 2019-11-26 14:32 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr
  2019-11-26 14:23 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\EFPFJ7GM61
  2019-11-26 14:22 - 2019-11-26 14:23 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk
  2019-11-26 14:10 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\ZT9NCEXCAJ
  2019-11-26 14:00 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\QJ3CEGZCB0
  2019-11-26 14:00 - 2019-11-26 14:00 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn
  2019-11-26 13:49 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\K4RUKIW5PV
  2019-11-26 13:49 - 2019-11-26 13:49 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt
  2019-11-26 13:37 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\F5N3PJ8KIB
  2019-11-26 13:37 - 2019-11-26 13:37 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\eatapus41nh
  2019-11-26 13:27 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\RL9BDDHZUZ
  2019-11-26 13:27 - 2019-11-26 13:27 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\51n0j51ornz
  2019-11-26 13:16 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\2WZXD4F86N
  2019-11-26 13:16 - 2019-11-26 13:16 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\530lw4d4wou
  2019-11-26 13:07 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\L40ZKRHTMW
  2019-11-26 13:07 - 2019-11-26 13:07 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh
  2019-11-26 12:56 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\LEMOQ9SXAM
  2019-11-26 12:56 - 2019-11-26 12:56 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd
  2019-11-26 12:50 - 2019-11-27 23:30 - 000000000 ____D C:\ProgramData\WIFIService
  2019-11-26 12:46 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\7IIVQBB6DF
  2019-11-26 12:46 - 2019-11-26 12:46 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs
  2019-11-26 12:44 - 2019-11-26 12:44 - 000003186 _____ C:\Windows\system32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947}
  2019-11-26 12:36 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\WN6Z5WTRQJ
  2019-11-26 12:36 - 2019-11-26 12:36 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1
  2019-11-26 12:31 - 2019-11-26 12:31 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds
  2019-11-26 12:28 - 2019-11-26 12:31 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\DRPSu
  2019-11-26 12:22 - 2019-11-28 19:01 - 000016712 _____ C:\Windows\system32\Tasks\gXlzblTuor
  2019-11-26 12:22 - 2019-11-28 18:55 - 000000422 __RSH C:\ProgramData\ntuser.pol
  2019-11-26 12:22 - 2019-11-26 12:22 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\ScreenToGif
  2019-11-26 12:22 - 2019-09-19 17:16 - 000000000 ____D C:\Program Files (x86)\gXlzblTuor
  2019-11-26 12:21 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\2RSAIQOU2X
  2019-11-26 12:21 - 2019-11-26 12:21 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\1nky1jwt45z
  2019-11-26 12:20 - 2019-11-27 22:54 - 000000000 ____D C:\Program Files (x86)\MachinerData
  2019-11-26 12:19 - 2019-11-28 19:01 - 000000000 ____D C:\Program Files (x86)\eCertification
  2019-11-26 12:18 - 2019-11-26 12:18 - 005916484 _____ C:\Users\Veronika\Downloads\driver-autocom-cdp-usb_bd2e186.zip
  2019-11-26 12:15 - 2019-11-26 12:15 - 013082576 _____ (TweakBit ) C:\Users\Veronika\Downloads\autocom_cdp_usb.exe
  2019-11-26 12:06 - 2019-11-26 12:06 - 000050566 _____ C:\Users\Veronika\AppData\Roaming\yuhbgv.exe
  2019-11-26 09:58 - 2019-11-26 09:58 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
  2019-11-26 09:58 - 2019-11-26 09:58 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\Skype
  2019-11-26 09:58 - 2019-11-26 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
  2019-11-25 18:49 - 2019-11-25 18:49 - 000000000 ____D C:\Program Files (x86)\Company
  2019-11-25 18:39 - 2019-11-26 12:06 - 000511600 _____ (Michael P. Mehl <michael.mehl@web.de>) C:\Users\Veronika\AppData\Roaming\brtvecet4re.exe
  2019-11-25 18:33 - 2019-11-25 18:33 - 001997312 _____ C:\Users\Veronika\AppData\Roaming\4gtrecwr3t4g.exe
  2019-11-25 18:33 - 2019-11-25 18:33 - 000000000 ____D C:\Program Files (x86)\Opura
  2019-11-25 18:30 - 2019-11-26 12:04 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\ActiveX
  2019-11-25 18:29 - 2019-11-25 18:29 - 000000000 ____D C:\ProgramData\LamiaR
  2019-11-25 07:42 - 2019-11-25 13:16 - 000000000 __SHD C:\Users\Veronika\wc
  2019-11-25 07:42 - 2019-11-25 07:42 - 000000000 __SHD C:\Users\Veronika\AppData\Roaming\wyUpdate AU
  2019-11-15 14:23 - 2019-11-27 21:06 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
  2019-11-15 14:23 - 2019-11-15 14:23 - 000002820 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
  2019-11-15 14:23 - 2019-11-15 14:23 - 000000000 ____D C:\Program Files\CCleaner
  2019-11-15 14:11 - 2019-11-15 14:11 - 000000000 ____D C:\Users\Veronika\AppData\Local\CEF
  2019-11-15 13:51 - 2019-11-15 13:51 - 000000000 ____D C:\Program Files\Common Files\Tencent
  2019-11-15 13:50 - 2019-11-15 13:50 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\QMLogEx
  2019-11-15 13:50 - 2019-11-15 13:50 - 000000000 ____D C:\ProgramData\TXQMPC
  2019-11-15 13:49 - 2019-11-15 13:49 - 000000000 ____D C:\Program Files (x86)\Tencent
  2019-11-15 13:45 - 2019-11-26 10:40 - 001560632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
  2019-11-15 07:43 - 2019-11-15 14:26 - 000000000 ____D C:\ProgramData\Tencent
  2019-11-15 07:43 - 2019-11-15 13:48 - 000633144 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000545080 _____ (Microsoft Corporation) C:\Windows\system32\vcamp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000440120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000400184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcamp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000395592 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000333632 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000267592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000244032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000185144 _____ (Microsoft Corporation) C:\Windows\system32\vcomp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000138560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000087880 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
  2019-11-15 07:43 - 2019-11-15 13:48 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
  2019-11-15 07:42 - 2019-11-15 13:55 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\Tencent
  
  ==================== One month (modified) ==================
  
  (If an entry is included in the fixlist, the file/folder will be moved.)
  
  2019-11-28 18:55 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
  2019-11-28 09:01 - 2009-07-14 05:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  2019-11-28 09:01 - 2009-07-14 05:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  2019-11-28 00:03 - 2019-08-21 10:37 - 000000000 ____D C:\Windows\system32\Tasks\Games
  2019-11-27 22:51 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
  2019-11-27 20:10 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
  2019-11-26 12:42 - 2019-08-21 11:02 - 000000000 ____D C:\Program Files\CONEXANT
  2019-11-26 12:39 - 2019-08-21 11:26 - 000000000 ____D C:\Windows\Panther
  2019-11-26 12:22 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
  2019-11-26 12:08 - 2019-08-21 12:01 - 000000000 ____D C:\Windows\system32\MRT
  2019-11-26 12:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
  2019-11-26 10:52 - 2019-08-21 12:01 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
  2019-11-26 10:48 - 2019-08-22 10:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
  2019-11-26 10:48 - 2009-07-14 03:34 - 000000581 _____ C:\Windows\win.ini
  2019-11-26 10:40 - 2009-07-14 16:18 - 000669274 _____ C:\Windows\system32\perfh005.dat
  2019-11-26 10:40 - 2009-07-14 16:18 - 000141342 _____ C:\Windows\system32\perfc005.dat
  2019-11-26 10:40 - 2009-07-14 06:13 - 001560632 _____ C:\Windows\system32\PerfStringBackup.INI
  2019-11-26 09:31 - 2019-08-21 12:04 - 000000000 ____D C:\Users\Veronika\Desktop\Honza
  2019-11-25 13:09 - 2019-08-21 10:43 - 000013920 _____ C:\Windows\system32\Drivers\SWDUMon.sys
  2019-11-25 12:57 - 2009-07-14 06:09 - 000000000 ____D C:\Windows\system32\Tasks\WPD
  2019-11-25 08:52 - 2019-08-21 11:11 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
  2019-11-25 08:52 - 2019-08-21 11:11 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
  2019-11-25 07:42 - 2019-08-21 10:34 - 000000000 ____D C:\Users\Veronika
  2019-11-25 07:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
  2019-11-20 19:18 - 2019-08-21 10:43 - 000000470 _____ C:\Windows\Tasks\SlimDrivers Scan.job
  2019-11-15 16:00 - 2019-09-21 15:00 - 000000000 ____D C:\Users\Veronika\Documents\Stronghold Crusader
  2019-11-15 13:37 - 2019-10-27 16:00 - 000000264 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
  2019-11-15 13:37 - 2019-10-27 16:00 - 000000000 ____D C:\ProgramData\Delphi
  2019-11-15 13:36 - 2019-10-27 15:59 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\Delphi
  2019-11-15 07:43 - 2019-08-21 11:09 - 000000000 ____D C:\Program Files (x86)\Google
  2019-11-15 07:42 - 2019-10-27 16:35 - 000000000 ____D C:\9fcdaa2dcb4d0a4db689afc6cb48e1c8
  2019-11-12 22:03 - 2019-08-21 10:52 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
  2019-10-31 19:19 - 2019-08-21 12:29 - 000000000 ____D C:\Users\Veronika\Desktop\Verča
  
  ==================== Files in the root of some directories ========
  
  2019-11-27 18:53 - 2019-11-27 23:30 - 000000004 _____ () C:\ProgramData\lock.dat
  2019-11-27 18:54 - 2019-11-27 23:29 - 000000004 _____ () C:\ProgramData\rc.dat
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000008 _____ () C:\ProgramData\ts.dat
  2019-11-25 18:33 - 2019-11-25 18:33 - 001997312 _____ () C:\Users\Veronika\AppData\Roaming\4gtrecwr3t4g.exe
  2019-11-25 18:39 - 2019-11-26 12:06 - 000511600 _____ (Michael P. Mehl <michael.mehl@web.de>) C:\Users\Veronika\AppData\Roaming\brtvecet4re.exe
  2019-11-26 12:06 - 2019-11-26 12:06 - 000050566 _____ () C:\Users\Veronika\AppData\Roaming\yuhbgv.exe
  
  ==================== SigCheck ============================
  
  (There is no automatic fix for files that do not pass verification.)
  
  
  LastRegBack: 2019-11-26 11:52
  ==================== End of FRST.txt ========================

[LuckyphonyxH]

• Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
  Ran by Veronika (28-11-2019 22:18:04)
  Running from C:\Users\Veronika\Desktop
  Windows 7 Professional Service Pack 1 (X64) (2019-08-21 09:34:47)
  Boot Mode: Safe Mode (with Networking)
  ==========================================================
  
  
  ==================== Accounts: =============================
  
  Administrator (S-1-5-21-966870082-2284507984-435399636-500 - Administrator - Disabled)
  Guest (S-1-5-21-966870082-2284507984-435399636-501 - Limited - Disabled)
  HomeGroupUser$ (S-1-5-21-966870082-2284507984-435399636-1002 - Limited - Enabled)
  Veronika (S-1-5-21-966870082-2284507984-435399636-1001 - Administrator - Enabled) => C:\Users\Veronika
  
  ==================== Security Center ========================
  
  (If an entry is included in the fixlist, it will be removed.)
  
  AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
  AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
  AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  
  ==================== Installed Programs ======================
  
  (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
  
  CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
  Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
  Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
  Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
  Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
  Lenovo EasyCamera (HKLM\...\Lenovo EasyCamera) (Version: 5.8.0.12 - Silicon Motion)
  Lenovo EasyCamera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon Motion)
  Malwarebytes verze 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
  Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
  Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
  Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
  Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
  Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
  Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
  Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
  Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
  Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
  Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
  Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.101.714.2016 - Realtek)
  Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
  Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
  Skype verze 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
  SlimDrivers (HKLM-x32\...\{6DF079D7-2A57-4710-81B1-064649FF86FC}) (Version: 2.3.2 - Slimware Utilities Holdings, Inc.) Hidden
  SlimDrivers (HKLM-x32\...\SlimDrivers) (Version: 2.3.2 - Slimware Utilities Holdings, Inc.)
  Stronghold Crusader Extreme HD (HKLM-x32\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.0.0.6 - GOG.com)
  Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
  Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
  Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
  Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
  WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
  
  ==================== Custom CLSID (Whitelisted): ==============
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
  ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
  ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes Corporation -> Malwarebytes)
  ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2000-01-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
  ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes Corporation -> Malwarebytes)
  ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
  ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
  
  ==================== Codecs (Whitelisted) ====================
  
  ==================== Shortcuts & WMI ========================
  
  ==================== Loaded Modules (Whitelisted) =============
  
  2019-11-25 08:51 - 2019-11-26 12:19 - 064562672 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\chrome.dll
  
  ==================== Alternate Data Streams (Whitelisted) ========
  
  ==================== Safe Mode (Whitelisted) ==================
  
  (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
  
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
  
  ==================== Association (Whitelisted) =================
  
  ==================== Internet Explorer trusted/restricted ==========
  
  ==================== Hosts content: =========================
  
  (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
  
  2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
  
  ==================== Other Areas ===========================
  
  (Currently there is no automatic fix for this section.)
  
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\Control Panel\Desktop\\Wallpaper ->
  DNS Servers: 192.168.0.1
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
  Windows Firewall is disabled.
  
  ==================== MSCONFIG/TASK MANAGER disabled items ==
  
  ==================== FirewallRules (Whitelisted) ================
  
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  
  FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
  FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
  FirewallRules: [{E4159AB9-30DA-4C89-B8EF-3D9F88BCE806}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
  FirewallRules: [{765AA769-3E5B-4158-B40D-DA5B67E7A886}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
  FirewallRules: [{90778EAF-685A-4D92-A006-E6FA459305F9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
  FirewallRules: [{C5CE2D95-A52F-4005-AFB9-8E5C3FDCD930}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
  FirewallRules: [{B55B725D-151C-4022-B88F-3D9E63027A5A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
  FirewallRules: [{6DE0A74D-3525-43F1-9407-D1D6D1333B62}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
  FirewallRules: [{E6982795-1F07-4AA8-AEE4-9CFEA3D47E9A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
  FirewallRules: [{DC8ACFA5-68A9-4A40-88C7-B7817A954038}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
  FirewallRules: [{459F3D1B-AD62-4573-92E1-1F3006647F14}] => (Allow) C:\Users\Veronika\AppData\Local\Temp\DriverPack-20191126122801\tools\aria2c.exe No File
  FirewallRules: [{EF0AF9BB-19D3-4D80-AE0F-5F1F26FD3619}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
  FirewallRules: [{45429B74-7C39-455F-8056-81289327C529}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
  FirewallRules: [{D4A3430E-F164-4BCC-A9A6-8CC4A2A09880}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
  FirewallRules: [{B1399E28-B51D-43E8-936D-348061BA75CC}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
  
  ==================== Restore Points =========================
  
  26-09-2019 16:08:22 Windows Update
  30-09-2019 09:27:49 Windows Update
  13-10-2019 09:07:10 Windows Update
  22-10-2019 06:16:41 Windows Update
  27-10-2019 15:21:43 Windows Update
  31-10-2019 19:38:48 Windows Update
  15-11-2019 08:02:19 Windows Update
  25-11-2019 11:38:05 Windows Update
  26-11-2019 10:24:14 Windows Update
  26-11-2019 12:31:20 DriverPack 17.11.13
  
  ==================== Faulty Device Manager Devices ============
  
  Name: Security Processor Loader Driver
  Description: Security Processor Loader Driver
  Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
  Manufacturer:
  Service: spldr
  Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
  Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
  Devices stay in this state if they have been prepared for removal.
  After you remove the device, this error disappears.Remove the device, and this error should be resolved.
  
  Name: Autocom CDP+ USB
  Description: Autocom CDP+ USB
  Class Guid:
  Manufacturer:
  Service:
  Problem: : The drivers for this device are not installed. (Code 28)
  Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
  
  Name:
  Description:
  Class Guid:
  Manufacturer:
  Service:
  Problem: : The drivers for this device are not installed. (Code 28)
  Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
  
  
  ==================== Event log errors: ========================
  
  Application errors:
  ==================
  Error: (11/28/2019 07:27:18 PM) (Source: PerfNet) (EventID: 2004) (User: )
  Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.
  
  Error: (11/28/2019 07:21:43 PM) (Source: Application Error) (EventID: 1000) (User: )
  Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.448, časové razítko: 0x5dd59030
  Název chybujícího modulu: Qt5Core.dll, verze: 5.13.2.0, časové razítko: 0x5dcd60b9
  Kód výjimky: 0xc0000005
  Posun chyby: 0x001b487e
  ID chybujícího procesu: 0x7b8
  Čas spuštění chybující aplikace: 0x01d5a618a616fa4d
  Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
  Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
  ID zprávy: ed3ccca9-120b-11ea-ac51-1c7508558ab8
  
  Error: (11/28/2019 07:21:18 PM) (Source: PerfNet) (EventID: 2004) (User: )
  Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.
  
  Error: (11/28/2019 07:21:18 PM) (Source: PerfNet) (EventID: 2004) (User: )
  Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.
  
  Error: (11/28/2019 07:21:03 PM) (Source: Application Error) (EventID: 1000) (User: )
  Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.448, časové razítko: 0x5dd59030
  Název chybujícího modulu: Qt5Core.dll, verze: 5.13.2.0, časové razítko: 0x5dcd60b9
  Kód výjimky: 0xc0000005
  Posun chyby: 0x001b487e
  ID chybujícího procesu: 0xa58
  Čas spuštění chybující aplikace: 0x01d5a6188b49f622
  Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
  Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
  ID zprávy: d5819f74-120b-11ea-ac51-1c7508558ab8
  
  Error: (11/28/2019 07:19:07 PM) (Source: PerfNet) (EventID: 2004) (User: )
  Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.
  
  Error: (11/28/2019 07:04:19 PM) (Source: Winlogon) (EventID: 4103) (User: )
  Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.
  
  Error: (11/28/2019 07:04:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
  Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
  0x8007043C
  
  
  System errors:
  =============
  Error: (11/28/2019 10:17:18 PM) (Source: DCOM) (EventID: 10005) (User: )
  Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby VSS s argumenty za účelem spuštění serveru:
  {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
  
  Error: (11/28/2019 07:24:45 PM) (Source: DCOM) (EventID: 10005) (User: )
  Description: Služba DCOM zjistila chybu %%1068 = Nepodařilo se zahájit závislou službu nebo skupinu. při pokusu o spuštění služby BITS s argumenty za účelem spuštění serveru:
  {4991D34B-80A1-4291-83B6-3328366B9097}
  
  Error: (11/28/2019 07:05:51 PM) (Source: DCOM) (EventID: 10005) (User: )
  Description: Služba DCOM zjistila chybu %%1068 = Nepodařilo se zahájit závislou službu nebo skupinu. při pokusu o spuštění služby BITS s argumenty za účelem spuštění serveru:
  {4991D34B-80A1-4291-83B6-3328366B9097}
  
  Error: (11/28/2019 07:04:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
  Description: Služba Zprostředkovatel domácích skupin závisí na službě Hostitel poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující chyby:
  Nepodařilo se zahájit závislou službu nebo skupinu.
  
  Error: (11/28/2019 07:04:38 PM) (Source: DCOM) (EventID: 10005) (User: )
  Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby WSearch s argumenty za účelem spuštění serveru:
  {9E175B6D-F52A-11D8-B9A5-505054503030}
  
  Error: (11/28/2019 07:04:37 PM) (Source: DCOM) (EventID: 10005) (User: )
  Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby WSearch s argumenty za účelem spuštění serveru:
  {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
  
  Error: (11/28/2019 07:04:29 PM) (Source: DCOM) (EventID: 10005) (User: )
  Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby EventSystem s argumenty za účelem spuštění serveru:
  {1BE1F766-5536-11D1-B726-00C04FB926AF}
  
  Error: (11/28/2019 07:04:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
  Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
  Nepodařilo se zahájit závislou službu nebo skupinu.
  
  
  ==================== Memory info ===========================
  
  BIOS: LENOVO 18CN46WW(V2.55) 05/21/2010
  Motherboard: LENOVO NITU1
  Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
  Percentage of memory in use: 73%
  Total physical RAM: 3032.6 MB
  Available physical RAM: 814.38 MB
  Total Virtual: 6063.34 MB
  Available Virtual: 3869.67 MB
  
  ==================== Drives ================================
  
  Drive c: () (Fixed) (Total:465.66 GB) (Free:339.66 GB) NTFS
  
  \\?\Volume{cfbaabf1-c3f5-11e9-b0c6-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
  
  ==================== MBR & Partition Table ====================
  
  ==========================================================
  Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B40280FB)
  Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
  Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
  
  ==================== End of Addition.txt =======================

[Conder]

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  HKLM\ DisallowedCertificates: 0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9 (U)
  HKLM\ DisallowedCertificates: 1518752920E9221E1FE1728AACAC536728B37BA7 (Trend Micro) <==== ATTENTION
  HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== ATTENTION
  HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
  HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
  HKLM\ DisallowedCertificates: 328E73F58737F1AB8DB0DA98FECFA17EB7BFAA40 (U)
  HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== ATTENTION
  HKLM\ DisallowedCertificates: 4E393AA1586C93E0BC9E7FEBCF7BFB62066DC22A (U)
  HKLM\ DisallowedCertificates: 4E564B9FBCE8F496FFF51278CCD14EE17F09A1CE (U)
  HKLM\ DisallowedCertificates: 58939B78BC28EF464220127BB754E3D130306988 (U)
  HKLM\ DisallowedCertificates: 5AACB6A43D9D806E6963937BE702B7A43C1978AE (U)
  HKLM\ DisallowedCertificates: 5DE56B2BAAA995F447949B869356528F91230A49 (U)
  HKLM\ DisallowedCertificates: 7450C07722C75E711EF24209A22F0C5C6A5BEC4E (U)
  HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
  HKLM\ DisallowedCertificates: 78C55D604474B534EB2B565CAD312FC7D71FE9DE (U)
  HKLM\ DisallowedCertificates: 816BE9397F66D1A26EFA04035BCA3BB9E3779740 (U)
  HKLM\ DisallowedCertificates: 8887AF2636E0D3B763AC4D56729218AF89653CA4 (U)
  HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
  HKLM\ DisallowedCertificates: 8B6DD299C6E4092040E98EB773F3818DF50B038D (U)
  HKLM\ DisallowedCertificates: 8DC9FE53D5F1D7D558EBE131E922730780D88865 (U)
  HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== ATTENTION
  HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
  HKLM\ DisallowedCertificates: AA8399A239AE1785200917D32C21F6B662477BE4 (U)
  HKLM\ DisallowedCertificates: AEEA60E86C66327BFBB8492C33122687AB2B5D91 (U)
  HKLM\ DisallowedCertificates: B7E607E1FB8943C634580F621788C01C962E8280 (U)
  HKLM\ DisallowedCertificates: BDEEFEC5F002E281B2292A8C72EACA468CBF9952 (U)
  HKLM\ DisallowedCertificates: BE894F99B870DA5FCA623F7F4A85D3970A46CDE1 (U)
  HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (Kaspersky Lab) <==== ATTENTION
  HKLM\ DisallowedCertificates: D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 (U)
  HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (Malwarebytes Corporation) <==== ATTENTION
  HKLM\ DisallowedCertificates: E27AA5FFDCA62A60E435292A243D0C6D43DCC513 (U)
  HKLM\ DisallowedCertificates: E4A0C1054F8025DD88EE5053094A9A61661AE123 (U)
  HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION
  HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
  HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [9760501] => C:\Users\Veronika\AppData\Local\Temp\is-ERJ8V.tmp\MoocBook.exe [4761857 2019-11-26] ( ) [File not signed] <==== ATTENTION
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4841868] => C:\Users\Veronika\AppData\Roaming\1nky1jwt45z\kv2tv5dpdjl.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [5584817] => C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds\h0kvbbqacex.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [590287] => C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1\a1h5k0jauph.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [5665255] => C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs\xm20ix1nee4.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [7297948] => C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd\5vszy2zupf4.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2842562] => C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh\zcktoyfadwf.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [8146983] => C:\Users\Veronika\AppData\Roaming\530lw4d4wou\5t5k5g1ofvz.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2651579] => C:\Users\Veronika\AppData\Roaming\51n0j51ornz\ntbdsdu1fct.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [3207748] => C:\Users\Veronika\AppData\Roaming\eatapus41nh\3fkmhanidm5.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4302746] => C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt\p2dt5oljwnw.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4312007] => C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn\4qg3muv2uaa.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2875838] => C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk\ntnum1b1rzf.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [3234451] => C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr\2n3ibfg1ec5.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [454306] => C:\Users\Veronika\AppData\Roaming\u24yc2snotw\smcgaai3a2x.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [8750413] => C:\Users\Veronika\AppData\Roaming\bco2mddg4r1\i15zv3jcti1.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4316658] => C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk\ki3wnlvozzk.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [287421] => C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak\3tiaxndvusa.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [9157455] => C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl\pq3al0mevo0.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [1573082] => C:\Users\Veronika\AppData\Roaming\xggzgvlsfut\r0khvgfjtem.exe [4503502 2019-11-27] ( ) [File not signed]
  GroupPolicy: Restriction ? <==== ATTENTION
  CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
  Task: {09198B41-0F32-466B-BE7C-FE258EDBEF8E} - System32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947} => C:\Windows\system32\pcalua.exe -a C:\Users\Veronika\AppData\Local\Temp\Uninstall.exe -d C:\Users\Veronika\AppData\Local\Temp <==== ATTENTION
  Task: {9423663B-BB96-41A8-BBB2-C077893A92ED} - System32\Tasks\gXlzblTuor => C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\gXlzblTuor\gXlzblTuor.dll",gXlzblTuor <==== ATTENTION
  FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
  S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\QMUdisk64.sys [X]
  S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\softaal64.sys [X]
  S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\TsNetHlpX64.sys [X]
  2019-11-27 18:54 - 2019-11-27 23:29 - 000000004 _____ C:\ProgramData\rc.dat
  2019-11-27 18:53 - 2019-11-27 23:30 - 000000004 _____ C:\ProgramData\lock.dat
  2019-11-27 18:53 - 2019-11-27 23:10 - 000000056 _____ C:\ProgramData\irw.atsd
  2019-11-27 18:53 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\IPJFH4JKHZ
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000008 _____ C:\ProgramData\ts.dat
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\xggzgvlsfut
  2019-11-26 15:25 - 2019-11-26 15:25 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl
  2019-11-26 15:15 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\JUIQYG9EOD
  2019-11-26 15:15 - 2019-11-26 15:15 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak
  2019-11-26 15:04 - 2019-11-26 15:05 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk
  2019-11-26 14:53 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\Y8AEA5ZTBW
  2019-11-26 14:53 - 2019-11-26 14:53 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bco2mddg4r1
  2019-11-26 14:42 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\D1O9U7J0B1
  2019-11-26 14:42 - 2019-11-26 14:42 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\u24yc2snotw
  2019-11-26 14:32 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\YQU2UKK1V9
  2019-11-26 14:32 - 2019-11-26 14:32 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr
  2019-11-26 14:23 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\EFPFJ7GM61
  2019-11-26 14:22 - 2019-11-26 14:23 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk
  2019-11-26 14:10 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\ZT9NCEXCAJ
  2019-11-26 14:00 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\QJ3CEGZCB0
  2019-11-26 14:00 - 2019-11-26 14:00 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn
  2019-11-26 13:49 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\K4RUKIW5PV
  2019-11-26 13:49 - 2019-11-26 13:49 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt
  2019-11-26 13:37 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\F5N3PJ8KIB
  2019-11-26 13:37 - 2019-11-26 13:37 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\eatapus41nh
  2019-11-26 13:27 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\RL9BDDHZUZ
  2019-11-26 13:27 - 2019-11-26 13:27 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\51n0j51ornz
  2019-11-26 13:16 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\2WZXD4F86N
  2019-11-26 13:16 - 2019-11-26 13:16 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\530lw4d4wou
  2019-11-26 13:07 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\L40ZKRHTMW
  2019-11-26 13:07 - 2019-11-26 13:07 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh
  2019-11-26 12:56 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\LEMOQ9SXAM
  2019-11-26 12:56 - 2019-11-26 12:56 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd
  2019-11-26 12:50 - 2019-11-27 23:30 - 000000000 ____D C:\ProgramData\WIFIService
  2019-11-26 12:46 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\7IIVQBB6DF
  2019-11-26 12:46 - 2019-11-26 12:46 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs
  2019-11-26 12:44 - 2019-11-26 12:44 - 000003186 _____ C:\Windows\system32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947}
  2019-11-26 12:36 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\WN6Z5WTRQJ
  2019-11-26 12:36 - 2019-11-26 12:36 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1
  2019-11-26 12:31 - 2019-11-26 12:31 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds
  2019-11-26 12:28 - 2019-11-26 12:31 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\DRPSu
  2019-11-26 12:22 - 2019-11-28 19:01 - 000016712 _____ C:\Windows\system32\Tasks\gXlzblTuor
  2019-11-26 12:22 - 2019-11-28 18:55 - 000000422 __RSH C:\ProgramData\ntuser.pol
  2019-11-26 12:22 - 2019-11-26 12:22 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\ScreenToGif
  2019-11-26 12:22 - 2019-09-19 17:16 - 000000000 ____D C:\Program Files (x86)\gXlzblTuor
  2019-11-26 12:21 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\2RSAIQOU2X
  2019-11-26 12:21 - 2019-11-26 12:21 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\1nky1jwt45z
  2019-11-26 12:06 - 2019-11-26 12:06 - 000050566 _____ C:\Users\Veronika\AppData\Roaming\yuhbgv.exe
  2019-11-25 18:39 - 2019-11-26 12:06 - 000511600 _____ (Michael P. Mehl <michael.mehl@web.de>) C:\Users\Veronika\AppData\Roaming\brtvecet4re.exe
  2019-11-25 18:33 - 2019-11-25 18:33 - 001997312 _____ C:\Users\Veronika\AppData\Roaming\4gtrecwr3t4g.exe
  2019-11-25 18:29 - 2019-11-25 18:29 - 000000000 ____D C:\ProgramData\LamiaR
  2019-11-25 07:42 - 2019-11-25 13:16 - 000000000 __SHD C:\Users\Veronika\wc
  2019-11-25 07:42 - 2019-11-25 07:42 - 000000000 __SHD C:\Users\Veronika\AppData\Roaming\wyUpdate AU
  2019-11-15 14:11 - 2019-11-15 14:11 - 000000000 ____D C:\Users\Veronika\AppData\Local\CEF
  2019-11-15 13:50 - 2019-11-15 13:50 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\QMLogEx
  2019-11-15 13:50 - 2019-11-15 13:50 - 000000000 ____D C:\ProgramData\TXQMPC
  2019-11-15 07:43 - 2019-11-15 14:26 - 000000000 ____D C:\ProgramData\Tencent
  2019-11-15 07:42 - 2019-10-27 16:35 - 000000000 ____D C:\9fcdaa2dcb4d0a4db689afc6cb48e1c8
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
  FirewallRules: [{459F3D1B-AD62-4573-92E1-1F3006647F14}] => (Allow) C:\Users\Veronika\AppData\Local\Temp\DriverPack-20191126122801\tools\aria2c.exe No File
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

[LuckyphonyxH]

• Fix result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
  Ran by Veronika (28-11-2019 23:21:48) Run:1
  Running from C:\Users\Veronika\Desktop
  Loaded Profiles: Veronika (Available Profiles: Veronika)
  Boot Mode: Normal
  ==============================================
  
  fixlist content:
  *****************
  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  HKLM\ DisallowedCertificates: 0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9 (U)
  HKLM\ DisallowedCertificates: 1518752920E9221E1FE1728AACAC536728B37BA7 (Trend Micro) <==== ATTENTION
  HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== ATTENTION
  HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
  HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
  HKLM\ DisallowedCertificates: 328E73F58737F1AB8DB0DA98FECFA17EB7BFAA40 (U)
  HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== ATTENTION
  HKLM\ DisallowedCertificates: 4E393AA1586C93E0BC9E7FEBCF7BFB62066DC22A (U)
  HKLM\ DisallowedCertificates: 4E564B9FBCE8F496FFF51278CCD14EE17F09A1CE (U)
  HKLM\ DisallowedCertificates: 58939B78BC28EF464220127BB754E3D130306988 (U)
  HKLM\ DisallowedCertificates: 5AACB6A43D9D806E6963937BE702B7A43C1978AE (U)
  HKLM\ DisallowedCertificates: 5DE56B2BAAA995F447949B869356528F91230A49 (U)
  HKLM\ DisallowedCertificates: 7450C07722C75E711EF24209A22F0C5C6A5BEC4E (U)
  HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
  HKLM\ DisallowedCertificates: 78C55D604474B534EB2B565CAD312FC7D71FE9DE (U)
  HKLM\ DisallowedCertificates: 816BE9397F66D1A26EFA04035BCA3BB9E3779740 (U)
  HKLM\ DisallowedCertificates: 8887AF2636E0D3B763AC4D56729218AF89653CA4 (U)
  HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
  HKLM\ DisallowedCertificates: 8B6DD299C6E4092040E98EB773F3818DF50B038D (U)
  HKLM\ DisallowedCertificates: 8DC9FE53D5F1D7D558EBE131E922730780D88865 (U)
  HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== ATTENTION
  HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
  HKLM\ DisallowedCertificates: AA8399A239AE1785200917D32C21F6B662477BE4 (U)
  HKLM\ DisallowedCertificates: AEEA60E86C66327BFBB8492C33122687AB2B5D91 (U)
  HKLM\ DisallowedCertificates: B7E607E1FB8943C634580F621788C01C962E8280 (U)
  HKLM\ DisallowedCertificates: BDEEFEC5F002E281B2292A8C72EACA468CBF9952 (U)
  HKLM\ DisallowedCertificates: BE894F99B870DA5FCA623F7F4A85D3970A46CDE1 (U)
  HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (Kaspersky Lab) <==== ATTENTION
  HKLM\ DisallowedCertificates: D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 (U)
  HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (Malwarebytes Corporation) <==== ATTENTION
  HKLM\ DisallowedCertificates: E27AA5FFDCA62A60E435292A243D0C6D43DCC513 (U)
  HKLM\ DisallowedCertificates: E4A0C1054F8025DD88EE5053094A9A61661AE123 (U)
  HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION
  HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
  HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [9760501] => C:\Users\Veronika\AppData\Local\Temp\is-ERJ8V.tmp\MoocBook.exe [4761857 2019-11-26] ( ) [File not signed] <==== ATTENTION
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4841868] => C:\Users\Veronika\AppData\Roaming\1nky1jwt45z\kv2tv5dpdjl.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [5584817] => C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds\h0kvbbqacex.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [590287] => C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1\a1h5k0jauph.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [5665255] => C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs\xm20ix1nee4.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [7297948] => C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd\5vszy2zupf4.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2842562] => C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh\zcktoyfadwf.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [8146983] => C:\Users\Veronika\AppData\Roaming\530lw4d4wou\5t5k5g1ofvz.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2651579] => C:\Users\Veronika\AppData\Roaming\51n0j51ornz\ntbdsdu1fct.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [3207748] => C:\Users\Veronika\AppData\Roaming\eatapus41nh\3fkmhanidm5.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4302746] => C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt\p2dt5oljwnw.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4312007] => C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn\4qg3muv2uaa.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2875838] => C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk\ntnum1b1rzf.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [3234451] => C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr\2n3ibfg1ec5.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [454306] => C:\Users\Veronika\AppData\Roaming\u24yc2snotw\smcgaai3a2x.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [8750413] => C:\Users\Veronika\AppData\Roaming\bco2mddg4r1\i15zv3jcti1.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4316658] => C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk\ki3wnlvozzk.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [287421] => C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak\3tiaxndvusa.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [9157455] => C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl\pq3al0mevo0.exe [4761857 2019-11-26] ( ) [File not signed]
  HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [1573082] => C:\Users\Veronika\AppData\Roaming\xggzgvlsfut\r0khvgfjtem.exe [4503502 2019-11-27] ( ) [File not signed]
  GroupPolicy: Restriction ? <==== ATTENTION
  CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
  Task: {09198B41-0F32-466B-BE7C-FE258EDBEF8E} - System32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947} => C:\Windows\system32\pcalua.exe -a C:\Users\Veronika\AppData\Local\Temp\Uninstall.exe -d C:\Users\Veronika\AppData\Local\Temp <==== ATTENTION
  Task: {9423663B-BB96-41A8-BBB2-C077893A92ED} - System32\Tasks\gXlzblTuor => C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\gXlzblTuor\gXlzblTuor.dll",gXlzblTuor <==== ATTENTION
  FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
  S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\QMUdisk64.sys [X]
  S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\softaal64.sys [X]
  S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\TsNetHlpX64.sys [X]
  2019-11-27 18:54 - 2019-11-27 23:29 - 000000004 _____ C:\ProgramData\rc.dat
  2019-11-27 18:53 - 2019-11-27 23:30 - 000000004 _____ C:\ProgramData\lock.dat
  2019-11-27 18:53 - 2019-11-27 23:10 - 000000056 _____ C:\ProgramData\irw.atsd
  2019-11-27 18:53 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\IPJFH4JKHZ
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000008 _____ C:\ProgramData\ts.dat
  2019-11-27 18:53 - 2019-11-27 18:53 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\xggzgvlsfut
  2019-11-26 15:25 - 2019-11-26 15:25 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl
  2019-11-26 15:15 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\JUIQYG9EOD
  2019-11-26 15:15 - 2019-11-26 15:15 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak
  2019-11-26 15:04 - 2019-11-26 15:05 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk
  2019-11-26 14:53 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\Y8AEA5ZTBW
  2019-11-26 14:53 - 2019-11-26 14:53 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bco2mddg4r1
  2019-11-26 14:42 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\D1O9U7J0B1
  2019-11-26 14:42 - 2019-11-26 14:42 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\u24yc2snotw
  2019-11-26 14:32 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\YQU2UKK1V9
  2019-11-26 14:32 - 2019-11-26 14:32 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr
  2019-11-26 14:23 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\EFPFJ7GM61
  2019-11-26 14:22 - 2019-11-26 14:23 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk
  2019-11-26 14:10 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\ZT9NCEXCAJ
  2019-11-26 14:00 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\QJ3CEGZCB0
  2019-11-26 14:00 - 2019-11-26 14:00 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn
  2019-11-26 13:49 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\K4RUKIW5PV
  2019-11-26 13:49 - 2019-11-26 13:49 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt
  2019-11-26 13:37 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\F5N3PJ8KIB
  2019-11-26 13:37 - 2019-11-26 13:37 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\eatapus41nh
  2019-11-26 13:27 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\RL9BDDHZUZ
  2019-11-26 13:27 - 2019-11-26 13:27 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\51n0j51ornz
  2019-11-26 13:16 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\2WZXD4F86N
  2019-11-26 13:16 - 2019-11-26 13:16 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\530lw4d4wou
  2019-11-26 13:07 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\L40ZKRHTMW
  2019-11-26 13:07 - 2019-11-26 13:07 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh
  2019-11-26 12:56 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\LEMOQ9SXAM
  2019-11-26 12:56 - 2019-11-26 12:56 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd
  2019-11-26 12:50 - 2019-11-27 23:30 - 000000000 ____D C:\ProgramData\WIFIService
  2019-11-26 12:46 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\7IIVQBB6DF
  2019-11-26 12:46 - 2019-11-26 12:46 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs
  2019-11-26 12:44 - 2019-11-26 12:44 - 000003186 _____ C:\Windows\system32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947}
  2019-11-26 12:36 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\WN6Z5WTRQJ
  2019-11-26 12:36 - 2019-11-26 12:36 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1
  2019-11-26 12:31 - 2019-11-26 12:31 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds
  2019-11-26 12:28 - 2019-11-26 12:31 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\DRPSu
  2019-11-26 12:22 - 2019-11-28 19:01 - 000016712 _____ C:\Windows\system32\Tasks\gXlzblTuor
  2019-11-26 12:22 - 2019-11-28 18:55 - 000000422 __RSH C:\ProgramData\ntuser.pol
  2019-11-26 12:22 - 2019-11-26 12:22 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\ScreenToGif
  2019-11-26 12:22 - 2019-09-19 17:16 - 000000000 ____D C:\Program Files (x86)\gXlzblTuor
  2019-11-26 12:21 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\2RSAIQOU2X
  2019-11-26 12:21 - 2019-11-26 12:21 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\1nky1jwt45z
  2019-11-26 12:06 - 2019-11-26 12:06 - 000050566 _____ C:\Users\Veronika\AppData\Roaming\yuhbgv.exe
  2019-11-25 18:39 - 2019-11-26 12:06 - 000511600 _____ (Michael P. Mehl <michael.mehl@web.de>) C:\Users\Veronika\AppData\Roaming\brtvecet4re.exe
  2019-11-25 18:33 - 2019-11-25 18:33 - 001997312 _____ C:\Users\Veronika\AppData\Roaming\4gtrecwr3t4g.exe
  2019-11-25 18:29 - 2019-11-25 18:29 - 000000000 ____D C:\ProgramData\LamiaR
  2019-11-25 07:42 - 2019-11-25 13:16 - 000000000 __SHD C:\Users\Veronika\wc
  2019-11-25 07:42 - 2019-11-25 07:42 - 000000000 __SHD C:\Users\Veronika\AppData\Roaming\wyUpdate AU
  2019-11-15 14:11 - 2019-11-15 14:11 - 000000000 ____D C:\Users\Veronika\AppData\Local\CEF
  2019-11-15 13:50 - 2019-11-15 13:50 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\QMLogEx
  2019-11-15 13:50 - 2019-11-15 13:50 - 000000000 ____D C:\ProgramData\TXQMPC
  2019-11-15 07:43 - 2019-11-15 14:26 - 000000000 ____D C:\ProgramData\Tencent
  2019-11-15 07:42 - 2019-10-27 16:35 - 000000000 ____D C:\9fcdaa2dcb4d0a4db689afc6cb48e1c8
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
  FirewallRules: [{459F3D1B-AD62-4573-92E1-1F3006647F14}] => (Allow) C:\Users\Veronika\AppData\Local\Temp\DriverPack-20191126122801\tools\aria2c.exe No File
  
  Hosts:
  EmptyTemp:
  End
  *****************
  
  Processes closed successfully.
  Restore point was successfully created.
  
  ========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========
  
  
  
  Count : 11821
  Average :
  Sum : 52334458543
  Maximum :
  Minimum :
  Property : Length
  
  
  ========= End of Powershell: =========
  
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1518752920E9221E1FE1728AACAC536728B37BA7 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1B581436B0ED7536755B8B1C81112509A5AAF6ED => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\328E73F58737F1AB8DB0DA98FECFA17EB7BFAA40 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4E393AA1586C93E0BC9E7FEBCF7BFB62066DC22A => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4E564B9FBCE8F496FFF51278CCD14EE17F09A1CE => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\58939B78BC28EF464220127BB754E3D130306988 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5AACB6A43D9D806E6963937BE702B7A43C1978AE => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DE56B2BAAA995F447949B869356528F91230A49 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7450C07722C75E711EF24209A22F0C5C6A5BEC4E => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\78C55D604474B534EB2B565CAD312FC7D71FE9DE => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\816BE9397F66D1A26EFA04035BCA3BB9E3779740 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\8887AF2636E0D3B763AC4D56729218AF89653CA4 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\8B6DD299C6E4092040E98EB773F3818DF50B038D => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\8DC9FE53D5F1D7D558EBE131E922730780D88865 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A32249E9A6B9CF5C36B0749C81613524D37C594 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AA8399A239AE1785200917D32C21F6B662477BE4 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AEEA60E86C66327BFBB8492C33122687AB2B5D91 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B7E607E1FB8943C634580F621788C01C962E8280 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\BDEEFEC5F002E281B2292A8C72EACA468CBF9952 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\BE894F99B870DA5FCA623F7F4A85D3970A46CDE1 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\BF9254919794C1075EA027889C5D304F1121C653 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E27AA5FFDCA62A60E435292A243D0C6D43DCC513 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E4A0C1054F8025DD88EE5053094A9A61661AE123 => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA => removed successfully
  HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => removed successfully
  HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\9760501" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\4841868" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\5584817" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\590287" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\5665255" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\7297948" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\2842562" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\8146983" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\2651579" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\3207748" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\4302746" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\4312007" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\2875838" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\3234451" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\454306" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\8750413" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\4316658" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\287421" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\9157455" => removed successfully
  "HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Windows\CurrentVersion\Run\\1573082" => removed successfully
  C:\Windows\system32\GroupPolicy\Machine => moved successfully
  C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
  HKLM\SOFTWARE\Policies\Google => removed successfully
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09198B41-0F32-466B-BE7C-FE258EDBEF8E}" => removed successfully
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09198B41-0F32-466B-BE7C-FE258EDBEF8E}" => removed successfully
  C:\Windows\System32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947} => moved successfully
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E19CFB28-FF11-41CE-971E-28CFC0AB2947}" => removed successfully
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9423663B-BB96-41A8-BBB2-C077893A92ED}" => removed successfully
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9423663B-BB96-41A8-BBB2-C077893A92ED}" => removed successfully
  C:\Windows\System32\Tasks\gXlzblTuor => moved successfully
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gXlzblTuor" => removed successfully
  HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
  HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
  HKLM\System\CurrentControlSet\Services\QMUdisk => removed successfully
  QMUdisk => service removed successfully
  HKLM\System\CurrentControlSet\Services\softaal => removed successfully
  softaal => service removed successfully
  HKLM\System\CurrentControlSet\Services\tsnethlpx64 => removed successfully
  tsnethlpx64 => service removed successfully
  C:\ProgramData\rc.dat => moved successfully
  C:\ProgramData\lock.dat => moved successfully
  C:\ProgramData\irw.atsd => moved successfully
  C:\Program Files\IPJFH4JKHZ => moved successfully
  C:\ProgramData\ts.dat => moved successfully
  C:\Users\Veronika\AppData\Roaming\xggzgvlsfut => moved successfully
  C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl => moved successfully
  C:\Program Files\JUIQYG9EOD => moved successfully
  C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak => moved successfully
  C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk => moved successfully
  C:\Program Files\Y8AEA5ZTBW => moved successfully
  C:\Users\Veronika\AppData\Roaming\bco2mddg4r1 => moved successfully
  C:\Program Files\D1O9U7J0B1 => moved successfully
  C:\Users\Veronika\AppData\Roaming\u24yc2snotw => moved successfully
  C:\Program Files\YQU2UKK1V9 => moved successfully
  C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr => moved successfully
  C:\Program Files\EFPFJ7GM61 => moved successfully
  C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk => moved successfully
  C:\Program Files\ZT9NCEXCAJ => moved successfully
  C:\Program Files\QJ3CEGZCB0 => moved successfully
  C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn => moved successfully
  C:\Program Files\K4RUKIW5PV => moved successfully
  C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt => moved successfully
  C:\Program Files\F5N3PJ8KIB => moved successfully
  C:\Users\Veronika\AppData\Roaming\eatapus41nh => moved successfully
  C:\Program Files\RL9BDDHZUZ => moved successfully
  C:\Users\Veronika\AppData\Roaming\51n0j51ornz => moved successfully
  C:\Program Files\2WZXD4F86N => moved successfully
  C:\Users\Veronika\AppData\Roaming\530lw4d4wou => moved successfully
  C:\Program Files\L40ZKRHTMW => moved successfully
  C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh => moved successfully
  C:\Program Files\LEMOQ9SXAM => moved successfully
  C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd => moved successfully
  C:\ProgramData\WIFIService => moved successfully
  C:\Program Files\7IIVQBB6DF => moved successfully
  C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs => moved successfully
  "C:\Windows\system32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947}" => not found
  C:\Program Files\WN6Z5WTRQJ => moved successfully
  C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1 => moved successfully
  C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds => moved successfully
  C:\Users\Veronika\AppData\Roaming\DRPSu => moved successfully
  "C:\Windows\system32\Tasks\gXlzblTuor" => not found
  C:\ProgramData\ntuser.pol => moved successfully
  C:\Users\Veronika\AppData\Roaming\ScreenToGif => moved successfully
  C:\Program Files (x86)\gXlzblTuor => moved successfully
  C:\Program Files\2RSAIQOU2X => moved successfully
  C:\Users\Veronika\AppData\Roaming\1nky1jwt45z => moved successfully
  C:\Users\Veronika\AppData\Roaming\yuhbgv.exe => moved successfully
  C:\Users\Veronika\AppData\Roaming\brtvecet4re.exe => moved successfully
  C:\Users\Veronika\AppData\Roaming\4gtrecwr3t4g.exe => moved successfully
  C:\ProgramData\LamiaR => moved successfully
  C:\Users\Veronika\wc => moved successfully
  C:\Users\Veronika\AppData\Roaming\wyUpdate AU => moved successfully
  C:\Users\Veronika\AppData\Local\CEF => moved successfully
  C:\Users\Veronika\AppData\Roaming\QMLogEx => moved successfully
  C:\ProgramData\TXQMPC => moved successfully
  C:\ProgramData\Tencent => moved successfully
  C:\9fcdaa2dcb4d0a4db689afc6cb48e1c8 => moved successfully
  HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => removed successfully
  HKLM\System\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => removed successfully
  "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{459F3D1B-AD62-4573-92E1-1F3006647F14}" => removed successfully
  C:\Windows\System32\Drivers\etc\hosts => moved successfully
  Hosts restored successfully.
  
  =========== EmptyTemp: ==========
  
  BITS transfer queue => 8388608 B
  DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2112732 B
  Java, Flash, Steam htmlcache => 0 B
  Windows/system/drivers => 372433696 B
  Edge => 0 B
  Chrome => 272955785 B
  Firefox => 0 B
  Opera => 0 B
  
  Temp, IE cache, history, cookies, recent:
  Users => 0 B
  Default => 66228 B
  Public => 66228 B
  ProgramData => 66228 B
  systemprofile => 58624634 B
  systemprofile32 => 58690990 B
  LocalService => 58823234 B
  NetworkService => 135255622 B
  Veronika => 321987372 B
  
  RecycleBin => 11373994 B
  EmptyTemp: => 1.2 GB temporary data Removed.
  
  ================================
  
  
  The system needed a reboot.
  
  ==== End of Fixlog 23:24:07 ====