PC check after a virus

JiJi
Visitor
Posts: 26
Registered: 16 Dec 2005 16:41
Location: Olomouc, Czech Republic

PC check after a virus

#1 Post by JiJi »

Hello,
please check my PC for viruses. After a warning e-mail from seznam.cz, spam started arriving in my mailbox. I found my IP address listed at dnsbl-3.uceprotect.net. Loss of connection to the Data Box (Datová schránka).
After dealing with the service provider and having the IP address changed, it is hopefully fine now. I cleaned the PC of viruses with about ten antivirus tools. They found something, but I would still ask you for a more detailed assessment.
15.5.2021 contribution to forumviry.cz paid
Thank you
JiJi

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01 (ATTENTION: ====> FRSTversion is 1488 days old and could be outdated)
Ran by ctelu (administrator) on DESKTOP-4572A6I (14-05-2021 15:33:29)
Running from D:\Stazene soubory
Loaded Profiles: ctelu (Available Profiles: ctelu)
Platform: Windows 10 Home Version 2009 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Registry
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ALCPU) D:\Portable\CoreTemp64\Core Temp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Reason Software Company Inc.) D:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Reason Software Company Inc.) D:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
() C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe
(Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(PortableApps.com) D:\Portable\TotalCommanderPortable\TotalCommanderPortable.exe
(Ghisler Software GmbH) D:\Portable\TotalCommanderPortable\App\totalcmd\TOTALCMD64.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lamantine Software a.s.) D:\Sticky Password\spNMHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [86016 2019-12-07] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {7346ab48-3f05-11eb-89b2-74d435902f3c} - "F:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {7346ab60-3f05-11eb-89b2-74d435902f3c} - "F:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {74111c1c-5e77-11eb-8a4c-74d435902f3c} - "E:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {74112377-5e77-11eb-8a4c-74d435902f3c} - "E:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {884b219b-5e63-11eb-8a4b-74d435902f3c} - "E:\autorun.exe"
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
Startup: C:\Users\ctelu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk [2021-01-26]
ShortcutTarget: Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{aeceb362-6011-4c62-b2c2-7b0bdbbb1948}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f9ae9aa0-7031-4513-9c82-829780013b20}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.56\BHO\ie_to_edge_bho_64.dll [2021-05-06] (Microsoft Corporation)
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.56\BHO\ie_to_edge_bho.dll [2021-05-06] (Microsoft Corporation)

Edge:
======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions [not found]

FireFox:
========
FF DefaultProfile: 14ez58gb.default-release
FF ProfilePath: Profiles/g50njofg.default-release-1-1618394918094 [not found]
FF ProfilePath: [InstallFBFDC14281998AFB]
Default=Profiles/g50njofg.default-release-1-1618394918094
Locked=1

[Profile1]
Name=default-release-1
IsRelative=1
Path=Profiles/g50njofg.default-release-1-1618394918094

[Profile0]
Name=default-release
IsRelative=1
Path=Profiles/14ez58gb.default-release
Default=1

[General]
StartWithLastProfile=1
Version=2

[Install4110BEA511158A6F]
Default=Profiles/14ez58gb.default-release
Locked=1

[not found]
FF ProfilePath: C:\Users\ctelu\AppData\Roaming\Mozilla\Firefox\Profiles\g50njofg.default-release-1-1618394918094 [2021-05-12]
FF ProfilePath: C:\Users\ctelu\AppData\Roaming\Mozilla\Firefox\Profiles\14ez58gb.default-release [2021-05-12]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AarSvc; C:\WINDOWS\System32\AarSvc.dll [473600 2021-04-29] (Microsoft Corporation)
S3 AarSvc; C:\WINDOWS\SysWOW64\AarSvc.dll [360448 2021-04-29] (Microsoft Corporation)
S3 AarSvc_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
S3 AarSvc_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 autotimesvc; C:\WINDOWS\System32\autotimesvc.dll [114176 2021-01-13] (Microsoft Corporation)
S3 BcastDVRUserService; C:\WINDOWS\System32\BcastDVRUserService.dll [1384448 2021-02-03] (Microsoft Corporation)
S3 BcastDVRUserService_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
S3 BcastDVRUserService_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
S3 BluetoothUserService; C:\WINDOWS\System32\Microsoft.Bluetooth.UserService.dll [500736 2021-01-13] (Microsoft Corporation)
S3 BluetoothUserService_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
S3 BluetoothUserService_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
R2 BrokerInfrastructure; C:\WINDOWS\System32\psmsrv.dll [247296 2020-12-01] (Microsoft Corporation)
S3 BTAGService; C:\WINDOWS\System32\BTAGService.dll [1023488 2021-01-13] (Microsoft Corporation)
S3 BTAGService; C:\WINDOWS\SysWOW64\BTAGService.dll [733696 2021-01-13] (Microsoft Corporation)
R3 BthAvctpSvc; C:\WINDOWS\System32\BthAvctpSvc.dll [392192 2021-01-13] (Microsoft Corporation)
S3 camsvc; C:\WINDOWS\system32\CapabilityAccessManager.dll [391168 2021-01-13] (Microsoft Corporation)
S3 CaptureService; C:\WINDOWS\System32\CaptureService.dll [130560 2021-02-03] (Microsoft Corporation)
S3 CaptureService_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
S3 CaptureService_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
S3 cbdhsvc; C:\WINDOWS\System32\cbdhsvc.dll [1024000 2021-02-03] (Microsoft Corporation)
R3 cbdhsvc_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
R3 cbdhsvc_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
S3 ConsentUxUserSvc; C:\WINDOWS\System32\ConsentUxClient.dll [170496 2021-01-13] (Microsoft Corporation)
S3 ConsentUxUserSvc_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
S3 ConsentUxUserSvc_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
S3 CredentialEnrollmentManagerUserSvc; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [388888 2021-02-27] (Microsoft Corporation)
S3 CredentialEnrollmentManagerUserSvc_1eb24; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [388888 2021-02-27] (Microsoft Corporation)
S3 DeviceAssociationBrokerSvc; C:\WINDOWS\System32\deviceaccess.dll [240688 2021-01-13] (Microsoft Corporation)
S3 DeviceAssociationBrokerSvc; C:\WINDOWS\SysWOW64\deviceaccess.dll [188536 2021-01-13] (Microsoft Corporation)
S3 DeviceAssociationBrokerSvc_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
S3 DeviceAssociationBrokerSvc_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\WINDOWS\System32\Windows.Devices.Picker.dll [482816 2021-03-30] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll [342016 2021-03-30] (Microsoft Corporation)
S3 DevicePickerUserSvc_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
S3 DevicePickerUserSvc_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [598016 2021-04-29] (Microsoft Corporation)
S3 DevicesFlowUserSvc_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
S3 DevicesFlowUserSvc_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
S3 diagsvc; C:\WINDOWS\system32\DiagSvc.dll [237056 2021-02-03] (Microsoft Corporation)
R2 DispBrokerDesktopSvc; C:\WINDOWS\System32\DispBroker.Desktop.dll [382976 2021-04-29] (Microsoft Corporation)
S3 DisplayEnhancementService; C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [1192448 2021-03-30] (Microsoft Corporation)
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [341504 2019-12-07] (Microsoft Corporation)
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [213392 2020-09-27] (Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [213392 2020-09-27] (Microsoft Corporation)
S3 GraphicsPerfSvc; C:\WINDOWS\System32\GraphicsPerfSvc.dll [106496 2021-01-13] (Microsoft Corporation)
R3 InstallService; C:\WINDOWS\system32\InstallService.dll [2434560 2021-03-30] (Microsoft Corporation)
R3 InstallService; C:\WINDOWS\SysWOW64\InstallService.dll [1841152 2021-03-30] (Microsoft Corporation)
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [66048 2019-12-07] (Microsoft Corporation)
S3 LxpSvc; C:\WINDOWS\System32\LanguageOverlayServer.dll [302080 2021-01-13] (Microsoft Corporation)
S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.56\elevation_service.exe [1567632 2021-05-06] (Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\System32\MixedRealityRuntime.dll [134768 2021-01-13] (Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\SysWOW64\MixedRealityRuntime.dll [104824 2021-01-13] (Microsoft Corporation)
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [454656 2021-01-13] (Microsoft Corporation)
S3 perceptionsimulation; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [106496 2021-01-13] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\System32\PrintWorkflowService.dll [182272 2021-02-03] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\SysWOW64\PrintWorkflowService.dll [138752 2021-02-03] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
S3 PushToInstall; C:\WINDOWS\system32\PushToInstall.dll [281088 2021-01-13] (Microsoft Corporation)
R3 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [987552 2021-04-29] (Microsoft Corporation)
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1223680 2021-01-13] (Microsoft Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\SgrmBroker.exe [329504 2020-10-09] (Microsoft Corporation)
S3 SharedRealitySvc; C:\WINDOWS\System32\SharedRealitySvc.dll [307200 2021-01-13] (Microsoft Corporation)
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [877056 2021-04-29] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [382976 2021-04-29] ()
R3 TokenBroker; C:\WINDOWS\System32\TokenBroker.dll [1522688 2021-02-03] (Microsoft Corporation)
R3 TokenBroker; C:\WINDOWS\SysWOW64\TokenBroker.dll [1234944 2021-02-03] (Microsoft Corporation)
S3 TroubleshootingSvc; C:\WINDOWS\system32\MitigationClient.dll [418816 2021-01-13] (Microsoft Corporation)
S3 tzautoupdate; C:\WINDOWS\SysWOW64\tzautoupdate.dll [73728 2021-01-13] (Microsoft Corporation)
S3 UdkUserSvc; C:\WINDOWS\System32\windowsudk.shellcommon.dll [2111488 2021-02-27] (Microsoft Corporation)
S3 UdkUserSvc_1eb24; C:\WINDOWS\system32\svchost.exe [57360 2020-10-09] (Microsoft Corporation)
S3 UdkUserSvc_1eb24; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-09] (Microsoft Corporation)
S4 uhssvc; C:\Program Files\Microsoft Update Health Tools\uhssvc.exe [331064 2021-03-23] (Microsoft Corporation)
R2 unchecky; D:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2020-07-26] (Reason Software Company Inc.)
R2 UsoSvc; C:\WINDOWS\system32\usosvc.dll [569856 2021-04-29] (Microsoft Corporation)
S3 VacSvc; C:\WINDOWS\System32\vac.dll [382720 2021-02-03] (Microsoft Corporation)
S3 WaaSMedicSvc; C:\WINDOWS\System32\WaaSMedicSvc.dll [407552 2020-12-01] (Microsoft Corporation)
S3 WarpJITSvc; C:\WINDOWS\System32\Windows.WARP.JITService.dll [65536 2019-12-07] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Corporation)
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [675840 2019-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Corporation)
S3 wisvc; C:\WINDOWS\SysWOW64\flightsettings.dll [751992 2021-01-13] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1253888 2021-01-13] (Microsoft Corporation)
S3 WManSvc; C:\WINDOWS\system32\Windows.Management.Service.dll [941056 2021-04-29] (Microsoft Corporation)
S3 WpcMonSvc; C:\WINDOWS\System32\WpcDesktopMonSvc.dll [1876480 2021-04-29] (Microsoft Corporation)
S3 XboxGipSvc; C:\WINDOWS\System32\XboxGipSvc.dll [72704 2021-02-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Acx01000; C:\WINDOWS\System32\drivers\Acx01000.sys [415232 2019-12-07] (Microsoft Corporation)
R1 afunix; C:\WINDOWS\system32\drivers\afunix.sys [41984 2020-10-09] (Microsoft Corporation)
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2020-10-09] (Microsoft Corporation)
R3 ALSysIO; C:\Users\ctelu\AppData\Local\Temp\ALSysIO64.sys [47240 2021-05-14] (Arthur Liberman) <==== ATTENTION
S3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [18432 2019-12-07] (Advanced Micro Devices, Inc)
S3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [45568 2019-12-07] (Advanced Micro Devices, Inc)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107936 2020-08-11] (Advanced Micro Devices)
R1 bam; C:\WINDOWS\System32\drivers\bam.sys [78136 2019-12-07] (Microsoft Corporation)
R1 BasicDisplay; C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys [68608 2021-03-17] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys [38912 2021-03-17] (Microsoft Corporation)
R2 bindflt; C:\WINDOWS\system32\drivers\bindflt.sys [148816 2021-04-29] (Microsoft Corporation)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-10-09] (Microsoft Corporation) [File not signed]
S3 BthLEEnum; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [106496 2020-10-09] (Microsoft Corporation)
S3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [45568 2021-05-11] (Microsoft Corporation)
S0 bttflt; C:\WINDOWS\System32\drivers\bttflt.sys [43832 2019-12-07] (Microsoft Corporation)
S3 CAD; C:\WINDOWS\System32\drivers\CAD.sys [66576 2019-12-07] (Microsoft Corporation)
R1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [91136 2021-02-27] ()
R2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [495616 2021-04-29] (Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd.)
S3 genericusbfn; C:\WINDOWS\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [23040 2019-12-07] (Microsoft Corporation)
S3 hidspi; C:\WINDOWS\System32\drivers\hidspi.sys [66560 2019-12-07] (Microsoft Corporation)
S4 hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [35128 2019-12-07] (Microsoft Corporation)
S3 HwNClx0101; C:\WINDOWS\System32\Drivers\mshwnclx.sys [30208 2019-12-07] (Microsoft Corporation)
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [93184 2019-12-07] (Intel Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2019-12-07] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2019-12-07] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [175104 2019-12-07] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [177152 2019-12-07] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2019-12-07] (Intel Corporation)
S0 iaStorAVC; C:\WINDOWS\System32\drivers\iaStorAVC.sys [884752 2019-12-07] (Intel Corporation)
S3 intelpmax; C:\WINDOWS\System32\drivers\intelpmax.sys [30720 2019-12-07] (Microsoft Corporation)
S3 IPT; C:\WINDOWS\System32\drivers\ipt.sys [59704 2019-12-07] (Microsoft Corporation)
S0 ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [172344 2019-12-07] (Avago Technologies)
S3 mausbhost; C:\WINDOWS\System32\drivers\mausbhost.sys [537608 2019-12-07] (Microsoft Corporation)
S3 mausbip; C:\WINDOWS\System32\drivers\mausbip.sys [64016 2019-12-07] (Microsoft Corporation)
S3 MbbCx; C:\WINDOWS\System32\drivers\MbbCx.sys [386048 2020-10-09] (Microsoft Corporation)
S0 megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [105480 2019-12-07] (Avago Technologies)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [65024 2019-12-07] (Microsoft Corporation)
R3 MsQuic; C:\WINDOWS\System32\drivers\msquic.sys [322376 2020-10-09] (Microsoft Corporation)
S3 NDKPing; C:\WINDOWS\System32\drivers\NDKPing.sys [72720 2019-12-07] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [207360 2021-02-03] (Microsoft Corporation)
S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2019-12-07] (MediaTek Inc.)
S0 nvdimm; C:\WINDOWS\System32\drivers\nvdimm.sys [168464 2019-12-07] (Microsoft Corporation)
S3 PktMon; C:\WINDOWS\System32\drivers\PktMon.sys [129872 2021-04-14] (Microsoft Corporation)
S0 pmem; C:\WINDOWS\System32\drivers\pmem.sys [138040 2019-12-07] (Microsoft Corporation)
S3 portcfg; C:\WINDOWS\System32\drivers\portcfg.sys [27136 2019-12-07] (Microsoft Corporation)
S0 Ramdisk; C:\WINDOWS\System32\DRIVERS\ramdisk.sys [42296 2019-12-07] (Microsoft Corporation)
S3 rhproxy; C:\WINDOWS\System32\drivers\rhproxy.sys [115712 2019-12-07] (Microsoft Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Resplendence Software Projects Sp.)
S3 rspMmFs; C:\WINDOWS\System32\DRIVERS\rspMmFs64.sys [20224 2016-12-08] (Resplendence Software Projects Sp.)
S3 rspMon; C:\WINDOWS\System32\DRIVERS\rspMon64.sys [27392 2016-12-08] (Resplendence Software Projects Sp.)
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Resplendence Software Projects Sp.)
S3 rspUndeluxe; C:\WINDOWS\System32\DRIVERS\rspUnd64.sys [25856 2018-12-05] (Resplendence Software Projects Sp.)
S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1171552 2020-11-15] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [443176 2020-10-30] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [35128 2019-12-07] (Microsoft Corporation)
R0 SgrmAgent; C:\WINDOWS\System32\drivers\SgrmAgent.sys [88080 2019-12-07] (Microsoft Corporation)
S0 SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys [209720 2019-12-07] (Microsemi Corportation)
S3 spaceparser; C:\WINDOWS\System32\drivers\spaceparser.sys [26624 2019-12-07] (Microsoft Corporation)
S3 SpatialGraphFilter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [90936 2019-12-07] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd.)
S3 tap640$T; C:\WINDOWS\System32\drivers\tap640$T.sys [49920 2020-08-22] (The OpenVPN Project)
R0 Telemetry; C:\WINDOWS\System32\drivers\IntelTA.sys [26608 2020-10-09] (Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys [36864 2019-12-07] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\WINDOWS\System32\Drivers\UcmUcsiCx.sys [113152 2020-10-09] (Microsoft Corporation)
S3 UEFI; C:\WINDOWS\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys [34104 2019-12-07] (Microsoft Corporation)
S3 UfxChipidea; C:\WINDOWS\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys [110608 2019-12-07] (Microsoft Corporation)
R3 umbus; C:\WINDOWS\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys [58368 2019-12-07] (Microsoft Corporation)
S3 UrsChipidea; C:\WINDOWS\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys [32056 2019-12-07] (Microsoft Corporation)
S3 UrsSynopsys; C:\WINDOWS\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys [29496 2019-12-07] (Microsoft Corporation)
S3 usbaudio2; C:\WINDOWS\System32\drivers\usbaudio2.sys [260608 2019-12-07] (Microsoft Corporation)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2020-10-09] (Microsoft Corporation)
S3 VirtualRender; C:\WINDOWS\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys [11264 2019-12-07] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Corporation)
S3 WdmCompanionFilter; C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [23560 2019-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [259584 2021-03-17] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [53912 2020-08-04] (Intel Corporation)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: InstallService -> C:\Windows\system32\InstallService.dll (Microsoft Corporation)
NETSVC: PushToInstall -> C:\Windows\system32\PushToInstall.dll (Microsoft Corporation)
NETSVC: TroubleshootingSvc -> C:\Windows\system32\MitigationClient.dll (Microsoft Corporation)
NETSVC: LxpSvc -> C:\Windows\System32\LanguageOverlayServer.dll (Microsoft Corporation)
NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)
NETSVC: TokenBroker -> C:\Windows\System32\TokenBroker.dll (Microsoft Corporation)
NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)
NETSVC: XboxGipSvc -> C:\Windows\System32\XboxGipSvc.dll (Microsoft Corporation)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-14 15:33 - 2021-05-14 15:33 - 00000000 ____D C:\FRST
2021-05-13 18:22 - 2021-05-13 18:22 - 00000000 ____D C:\Users\ctelu\AppData\Roaming\Bitwarden
2021-05-13 17:13 - 2021-05-13 17:13 - 00000000 ____D C:\Users\ctelu\AppData\Local\bitwarden-updater
2021-05-11 20:07 - 2021-05-11 20:07 - 26269184 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 24272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 23449088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 19866624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 18080768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 17544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 14759936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 10848576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2021-05-11 20:07 - 2021-05-11 20:07 - 10352424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 08897784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 08238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 07110656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 04901888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 04795256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 03901440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 03869184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 03815936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 03557104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 02990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 02916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 02750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 02520056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 02251264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 02039632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 01768272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 01575744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 01570616 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2021-05-11 20:07 - 2021-05-11 20:07 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 01548600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 01352752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 01349432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 01314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 01268040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2021-05-11 20:07 - 2021-05-11 20:07 - 01215800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2021-05-11 20:07 - 2021-05-11 20:07 - 01126080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00951368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00831544 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00805184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2021-05-11 20:07 - 2021-05-11 20:07 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00606888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 00577848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00502600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2021-05-11 20:07 - 2021-05-11 20:07 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00429712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00266992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00220496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00132728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00129112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2021-05-11 20:07 - 2021-05-11 20:07 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2021-05-11 20:07 - 2021-05-11 20:07 - 00092944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00070968 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameInput.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpapi.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00061752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameInput.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2021-05-11 20:07 - 2021-05-11 20:07 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CIDiag.exe
2021-05-11 20:07 - 2021-05-11 20:07 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2021-05-11 20:07 - 2021-05-11 20:07 - 00011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-11 20:01 - 2021-04-29 05:52 - 00495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2021-05-11 20:01 - 2021-04-29 04:49 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2021-05-10 09:52 - 2021-05-10 09:52 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2021-05-10 09:50 - 2021-05-10 09:56 - 00000000 ____D C:\Program Files\Rainmeter
2021-05-10 09:37 - 2021-05-10 09:37 - 00000000 ____D C:\AMD
2021-05-09 22:17 - 2021-05-13 19:13 - 00002914 _____ C:\WINDOWS\System32\Tasks\Core Temp Autostart ctelu
2021-05-06 08:51 - 2021-05-13 10:53 - 00007625 _____ C:\Users\ctelu\AppData\Local\Resmon.ResmonCfg
2021-05-04 15:16 - 2021-05-08 12:24 - 00004204 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2021-05-02 10:50 - 2021-05-02 15:38 - 00000000 ____D C:\Program Files\Malwarebytes
2021-05-01 17:54 - 2021-05-01 17:56 - 00000000 ____D C:\KRD2018_Data
2021-05-01 13:43 - 2021-05-01 13:43 - 00000000 ____D C:\ProgramData\Panda Security
2021-05-01 13:40 - 2021-05-01 15:50 - 00000000 ____D C:\Users\ctelu\AppData\Local\FSDART
2021-05-01 13:40 - 2021-05-01 13:42 - 00000000 ____D C:\ProgramData\F-Secure
2021-04-29 07:39 - 2021-04-29 07:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 18767872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 08016624 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 07968552 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 07636496 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 07632896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 06432768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 06363264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 06361600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 06187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 06001736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 05752264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 04826160 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 04744192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 04731904 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 04372640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 04223912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 03938816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 03824184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 03812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 03785040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 03749376 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 03597824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 03378392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 03178320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 03142656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 03093504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02919280 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02852680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 02810808 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-29 07:36 - 2021-04-29 07:36 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-29 07:36 - 2021-04-29 07:36 - 02753536 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02495288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02454016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02268968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02204160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02179632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02100112 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02024728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02007552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02007376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 02004304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 01956864 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01876480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-29 07:36 - 2021-04-29 07:36 - 01768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01696776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01686528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01646592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01571328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConstraintIndex.Search.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01542144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MoUsoCoreWorker.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 01475904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 01427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01415168 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 01393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-29 07:36 - 2021-04-29 07:36 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01372672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01332552 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-29 07:36 - 2021-04-29 07:36 - 01294376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01209856 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01177632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 01163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-29 07:36 - 2021-04-29 07:36 - 01139512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01129048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01126400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01092608 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01090360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2021-04-29 07:36 - 2021-04-29 07:36 - 01042248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01037824 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01015928 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 01001472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00995840 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00987552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00984416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00943432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00934912 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00915824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00904528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2021-04-29 07:36 - 2021-04-29 07:36 - 00884744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00882176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00875008 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00860464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00852296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00845496 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00809288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00787624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00764728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00753592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00748032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00713544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\agentactivationruntime.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\system32\quickassist.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00656384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00653136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2021-04-29 07:36 - 2021-04-29 07:36 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\agentactivationruntimewindows.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00637376 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.ConversationalAgent.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00628224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00622592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00603984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00603464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00587248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\authfwcfg.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00548520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00543888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\IESettingSync.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quickassist.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00522040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00509256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2021-04-29 07:36 - 2021-04-29 07:36 - 00495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00469304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2021-04-29 07:36 - 2021-04-29 07:36 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00456080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00454968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00449856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00427128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServerClient.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00389456 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshipsec.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authfwcfg.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00363056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AarSvc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00352816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FrameServerClient.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2021-04-29 07:36 - 2021-04-29 07:36 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshipsec.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.shareexperience.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Graphics.Display.DisplayColorManagement.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApproveChildRequest.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.CapturePicker.Desktop.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AnalogShell.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00187704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scsiport.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Graphics.Display.DisplayColorManagement.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00186488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00180024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskpart.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00155976 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskpart.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00148816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrahc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00135480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2021-04-29 07:36 - 2021-04-29 07:36 - 00133432 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fphc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00118600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00118096 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00118088 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00116552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sbp2port.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00106312 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindfltapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00103736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00102728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwmdmcsp.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipsec.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00101296 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00098120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fphc.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00095056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00095032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorClass.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\remotepg.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipfltdrv.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvvmtransport.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00086840 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00086344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remotepg.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mskeyprotect.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvvmtransport.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipsec.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.PlatformExtension.DevicePickerExperience.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00060728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwcfg.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.PlatformExtension.MiracastBannerExperience.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagnosticdataquery.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mskeyprotect.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwcfg.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2021-04-29 07:36 - 2021-04-29 07:36 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00036176 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00033080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerClient.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CheckNetIsolation.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCShellCommonProxyStub.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CheckNetIsolation.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregtask.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00021328 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsregtask.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00017232 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAppsRes.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAppsRes.dll
2021-04-27 15:33 - 2021-04-27 15:33 - 00000000 ____D C:\Users\ctelu\AppData\Local\NPE
2021-04-27 15:33 - 2021-04-27 15:33 - 00000000 ____D C:\ProgramData\Norton
2021-04-18 18:00 - 2021-04-18 18:00 - 00000000 ____D C:\Users\ctelu\AppData\Local\eM Client
2021-04-17 16:07 - 2021-05-09 09:56 - 00000000 ____D C:\Users\ctelu\AppData\Local\ESET
2021-04-17 05:37 - 2021-04-17 05:38 - 00000000 ____D C:\Users\ctelu\AppData\Local\BraveSoftware
2021-04-14 09:46 - 2021-04-14 09:46 - 32612872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 31598920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 03506992 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 03294208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 02660352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 02637728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 02523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2021-04-14 09:46 - 2021-04-14 09:46 - 02254544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2021-04-14 09:46 - 2021-04-14 09:46 - 01871256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01784496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01726464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01618168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01556192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 01510296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01461760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01394016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01220520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01174864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01075880 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\opengl32.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 01000272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\opengl32.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00920904 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00896064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00895072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00872784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00829496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00764976 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00763392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00714856 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00678200 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcIsoCtnr.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00632536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00588312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiagn.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiagn.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00382792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00308048 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcat.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\directxdatabaseupdater.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00250192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\onex.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgiadaptercache.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00234296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00229192 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdevicehost.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\onex.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cflapi.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhshl.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbsapi.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhmanagew.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcwutl.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PktMon.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvc.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\cxcredprov.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvHelper.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00090960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvHelper.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsrchapi.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhevents.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsrchph.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00069968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00068432 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhlisten.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhtask.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00057160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\condrv.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcleanup.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Apphlpdm.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00031544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvcctl.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Apphlpdm.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcwrun.exe
2021-04-14 09:46 - 2021-04-14 09:46 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll
2021-04-14 09:46 - 2021-04-14 09:46 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2021-04-14 09:46 - 2021-04-14 09:46 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shimeng.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-14 15:29 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\AppReadiness
2021-05-14 15:27 - 2019-12-07 11:14 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-14 15:18 - 2020-10-21 18:23 - 00005858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-14 15:18 - 2019-12-07 16:41 - 02716370 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-14 15:18 - 2019-12-07 16:41 - 02086906 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-14 15:18 - 2019-12-07 11:13 - 00000000 ____D C:\WINDOWS\INF
2021-05-14 15:14 - 2021-01-13 19:45 - 00008192 ___SH C:\DumpStack.log.tmp
2021-05-14 15:14 - 2020-09-27 09:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-14 11:16 - 2020-07-25 17:21 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-05-14 11:16 - 2019-12-07 11:03 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-14 11:13 - 2020-09-27 07:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-14 09:03 - 2020-12-05 14:39 - 00000000 ____D C:\Users\ctelu\AppData\Roaming\Mozilla
2021-05-14 09:03 - 2020-07-25 21:57 - 00000000 ____D C:\Users\ctelu\AppData\Roaming\Thunderbird
2021-05-14 08:50 - 2020-09-27 09:51 - 00000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-13 07:48 - 2019-12-07 11:14 - 00000000 ___HD C:\Program Files\WindowsApps
2021-05-13 07:44 - 2020-07-25 21:57 - 00000000 ____D C:\ProgramData\Mozilla
2021-05-12 17:45 - 2020-09-26 12:05 - 00000000 ____D C:\Users\ctelu\AppData\Local\CrashDumps
2021-05-12 17:04 - 2020-07-25 17:46 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-11 20:12 - 2020-09-27 07:50 - 00267512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-11 20:12 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\SystemResources
2021-05-11 20:12 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\bcastdvr
2021-05-11 20:08 - 2019-12-07 11:03 - 00000000 ____D C:\WINDOWS\CbsTemp
2021-05-11 19:58 - 2020-07-25 17:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2021-05-10 09:38 - 2020-08-11 15:45 - 00000000 ____D C:\Program Files (x86)\AMD
2021-05-08 21:21 - 2020-09-27 09:53 - 00002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-08 15:32 - 2020-10-21 18:16 - 00000000 ____D C:\Users\ctelu
2021-05-04 15:19 - 2020-07-25 17:08 - 00000000 ____D C:\Users\ctelu\AppData\Local\GHISLER
2021-05-04 15:12 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\system32\NDF
2021-05-03 11:08 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-01 12:35 - 2020-07-25 16:56 - 00000000 ____D C:\ProgramData\Package Cache
2021-04-30 11:16 - 2020-09-26 11:36 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-04-29 07:58 - 2019-12-07 11:14 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-29 07:55 - 2019-12-07 16:42 - 00000000 ____D C:\WINDOWS\system32\OpenSSH
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ___RD C:\WINDOWS\PrintDialog
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\system32\setup
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\system32\oobe
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\system32\Dism
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\Provisioning
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-29 07:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\DiagTrack
2021-04-29 07:19 - 2021-02-27 12:09 - 00000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-27 06:42 - 2021-01-13 20:20 - 00000000 ____D C:\WINDOWS\Panther
2021-04-26 09:43 - 2021-03-25 15:58 - 00000000 ____D C:\Users\ctelu\AppData\Local\ElevatedDiagnostics
2021-04-26 08:15 - 2020-09-27 09:53 - 00003584 _____ C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 08:15 - 2020-09-27 09:53 - 00003460 _____ C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-20 04:56 - 2020-07-27 21:54 - 00000000 ____D C:\Users\ctelu\AppData\Local\D3DSCache
2021-04-14 09:48 - 2019-12-07 11:14 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs

==================== Files in the root of some directories =======

2021-05-06 08:51 - 2021-05-13 10:53 - 0007625 _____ () C:\Users\ctelu\AppData\Local\Resmon.ResmonCfg
2020-07-25 17:13 - 2020-07-25 17:13 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\ctelu\en_res.dll
C:\Users\ctelu\es_res.dll
C:\Users\ctelu\fr_res.dll
C:\Users\ctelu\grm_res.dll
C:\Users\ctelu\it_res.dll
C:\Users\ctelu\jp_res.dll
C:\Users\ctelu\mfc80u.dll
C:\Users\ctelu\msvcr80.dll
C:\Users\ctelu\PCPE Setup.exe
C:\Users\ctelu\pt_res.dll
C:\Users\ctelu\ResourceReader.dll
C:\Users\ctelu\ru_res.dll
C:\Users\ctelu\zh_res.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\version_IObitDel.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION

==================== End of FRST.txt ============================

info.txt logfile of random's system information tool 1.10 2021-05-14 15:51:49

======MBR======


======Uninstall list======

AMD Catalyst Install Manager-->msiexec /q/x{66AFB595-BC05-2913-7696-6D58F9B733E1} REBOOT=ReallySuppress
AMD Quick Stream-->"C:\Program Files\AMD Quick Stream\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47}
Microsoft Edge-->"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.56\Installer\setup.exe" --uninstall --msedge --system-level --verbose-logging
Microsoft Mouse and Keyboard Center-->C:\Program Files\Microsoft Mouse and Keyboard Center\setup.exe /uninstall
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Update Health Tools-->MsiExec.exe /X{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030-->"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664-->"C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664-->"C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664-->MsiExec.exe /X{010792BA-551A-3AC0-A7EF-0FAB4156C382}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664-->MsiExec.exe /X{53CF6934-A98D-3D84-9146-FC4EDF3D5641}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664-->MsiExec.exe /X{D401961D-3A20-3AC7-943B-6139D5BD490A}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664-->MsiExec.exe /X{8122DAB1-ED4D-3676-BB0A-CA368196543E}
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127-->"C:\ProgramData\Package Cache\{282975d8-55fe-4991-bbbb-06a72581ce58}\VC_redist.x64.exe" /uninstall
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127-->"C:\ProgramData\Package Cache\{e31cb1a4-76b5-46a5-a084-3fa419e82201}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127-->MsiExec.exe /I{8678BA04-D161-45BE-ACA4-CC5D13073F35}
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127-->MsiExec.exe /I{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127-->MsiExec.exe /I{EAC73207-74BD-4B13-AACF-8C0E751FA4E8}
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127-->MsiExec.exe /I{2E72FA1F-BADB-4337-B8AE-F7C17EC57D1D}
Microsoft XNA Framework Redistributable 4.0 Refresh-->MsiExec.exe /I{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
Unchecky v1.2-->"D:\Program Files (x86)\Unchecky\Uninstall.exe"
Základní software zařízení HP Deskjet 2050 J510 series-->MsiExec.exe /I{F61FD928-A74D-4AF9-9667-BE2BB6F2C386}

======Hosts File======

0.0.0.0 analytics.ff.avast.com
0.0.0.0 analytics.ns1.ff.avast.com
0.0.0.0 v7event.stats.avcdn.net
0.0.0.0 v7.stats.avcdn.net
0.0.0.0 flow.lavasoft.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 ws.mcafee.com
0.0.0.0 analytics.ccs.mcafee.com
0.0.0.0 analyticsdcs.ccs.mcafee.com
0.0.0.0 carcharodon.trendmicro.com

======System event log======

Computer Name: DESKTOP-4572A6I
Event Code: 55
Message: Procesor 2 ve skupině 0 vykazuje následující funkce řízení spotřeby:

Typ stavu nečinnosti: Stavy nečinnosti standardu ACPI (C) (počet stavů: 2)

Typ stavu výkonu: Výkon standardu ACPI (P) / stavy omezovače (T)
Nominální frekvence (MHz): 4100
Procento maximálního výkonu: 100
Procento minimálního výkonu: 48
Procento minimálního omezovače: 48
Record Number: 28833
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20210111135315.879976-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: DESKTOP-4572A6I
Event Code: 55
Message: Procesor 1 ve skupině 0 vykazuje následující funkce řízení spotřeby:

Typ stavu nečinnosti: Stavy nečinnosti standardu ACPI (C) (počet stavů: 2)

Typ stavu výkonu: Výkon standardu ACPI (P) / stavy omezovače (T)
Nominální frekvence (MHz): 4100
Procento maximálního výkonu: 100
Procento minimálního výkonu: 48
Procento minimálního omezovače: 48
Record Number: 28832
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20210111135315.879218-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: DESKTOP-4572A6I
Event Code: 55
Message: Procesor 0 ve skupině 0 vykazuje následující funkce řízení spotřeby:

Typ stavu nečinnosti: Stavy nečinnosti standardu ACPI (C) (počet stavů: 2)

Typ stavu výkonu: Výkon standardu ACPI (P) / stavy omezovače (T)
Nominální frekvence (MHz): 4100
Procento maximálního výkonu: 100
Procento minimálního výkonu: 48
Procento minimálního omezovače: 48
Record Number: 28831
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20210111135315.878327-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: DESKTOP-4572A6I
Event Code: 24
Message: Informace o časovém pásmu byly aktualizovány s důvodem pro ukončení 0. Aktuální posun časového pásma je -60.
Record Number: 28830
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20210111135308.115734-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: DESKTOP-4572A6I
Event Code: 15
Message: Uspořádání podregistru \SystemRoot\System32\Config\SOFTWARE bylo změněno. Počáteční hodnota byla 74522624 B a konečná hodnota 74485760 B.
Record Number: 28829
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20210111135308.080037-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: DESKTOP-4572A6I
Event Code: 6000
Message: Odběratel oznámení přihlašování do systému Windows <SessionEnv> nemohl zpracovat událost upozornění.
Record Number: 8088
Source Name: Microsoft-Windows-Winlogon
Time Written: 20201128133423.183397-000
Event Type: Informace
User:

Computer Name: DESKTOP-4572A6I
Event Code: 6000
Message: Odběratel oznámení přihlašování do systému Windows <WSearch> nemohl zpracovat událost upozornění.
Record Number: 8087
Source Name: Microsoft-Windows-Winlogon
Time Written: 20201128133423.183397-000
Event Type: Informace
User:

Computer Name: DESKTOP-4572A6I
Event Code: 16384
Message: Restartování služby Ochrana softwaru bylo úspěšně naplánováno na 2120-11-04T12:38:45Z. Důvod: RulesEngine
Record Number: 8086
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20201128123845.650204-000
Event Type: Informace
User:

Computer Name: DESKTOP-4572A6I
Event Code: 15
Message: Stav Windows Defender se úspěšně aktualizoval na SECURITY_PRODUCT_STATE_ON.
Record Number: 8085
Source Name: SecurityCenter
Time Written: 20201128123821.665826-000
Event Type: Informace
User:

Computer Name: DESKTOP-4572A6I
Event Code: 16394
Message: Migrace do offline režimu nižší úrovně byla úspěšná.
Record Number: 8084
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20201128123807.369053-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: DESKTOP-4572A6I
Event Code: 5158
Message: Platforma Windows Filtering Platform umožnila vazbu na místní port.

Informace o aplikaci:
ID procesu: 836
Název aplikace: \device\harddiskvolume4\program files (x86)\microsoft\edge\application\msedge.exe

Informace o síti:
Zdrojová adresa: ::
Zdrojový port: 52783
Protokol: 6

Informace o filtru:
ID filtru za běhu: 0
Název vrstvy: Přiřazení prostředků
ID vrstvy za běhu: 38
Record Number: 1161741
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20210513172213.924141-000
Event Type: Úspěšný audit
User:

Computer Name: DESKTOP-4572A6I
Event Code: 5158
Message: Platforma Windows Filtering Platform umožnila vazbu na místní port.

Informace o aplikaci:
ID procesu: 836
Název aplikace: \device\harddiskvolume4\program files (x86)\microsoft\edge\application\msedge.exe

Informace o síti:
Zdrojová adresa: ::
Zdrojový port: 52783
Protokol: 6

Informace o filtru:
ID filtru za běhu: 0
Název vrstvy: Přiřazení prostředků
ID vrstvy za běhu: 36
Record Number: 1161740
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20210513172213.924132-000
Event Type: Úspěšný audit
User:

Computer Name: DESKTOP-4572A6I
Event Code: 5156
Message: Platforma Windows Filtering Platform povolila připojení.

Informace o aplikaci:
ID procesu: 2232
Název aplikace: \device\harddiskvolume4\windows\system32\svchost.exe

Informace o síti:
Směr: Odchozí
Zdrojová adresa: 2a00:1028:da00:1b5:54f9:c7c9:8c6a:c44e
Zdrojový port: 64493
Cílová adresa: 2a00:1028:1:910::1
Cílový port: 53
Protokol: 17

Informace o filtru:
ID filtru za běhu: 71004
Název vrstvy: Připojit
ID vrstvy za běhu: 50
Record Number: 1161739
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20210513172213.892270-000
Event Type: Úspěšný audit
User:

Computer Name: DESKTOP-4572A6I
Event Code: 5158
Message: Platforma Windows Filtering Platform umožnila vazbu na místní port.

Informace o aplikaci:
ID procesu: 2232
Název aplikace: \device\harddiskvolume4\windows\system32\svchost.exe

Informace o síti:
Zdrojová adresa: ::
Zdrojový port: 64493
Protokol: 17

Informace o filtru:
ID filtru za běhu: 0
Název vrstvy: Přiřazení prostředků
ID vrstvy za běhu: 38
Record Number: 1161738
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20210513172213.891986-000
Event Type: Úspěšný audit
User:

Computer Name: DESKTOP-4572A6I
Event Code: 5158
Message: Platforma Windows Filtering Platform umožnila vazbu na místní port.

Informace o aplikaci:
ID procesu: 2232
Název aplikace: \device\harddiskvolume4\windows\system32\svchost.exe

Informace o síti:
Zdrojová adresa: ::
Zdrojový port: 64493
Protokol: 17

Informace o filtru:
ID filtru za běhu: 0
Název vrstvy: Přiřazení prostředků
ID vrstvy za běhu: 36
Record Number: 1161737
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20210513172213.891934-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PSModulePath"=%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=21
"PROCESSOR_IDENTIFIER"=AMD64 Family 21 Model 19 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=1301
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static
"PROG27B48B2C056"=1

-----------------EOF-----------------

Logfile of random's system information tool 1.10 (written by random/random)
Run by ctelu at 2021-05-14 17:17:55
Microsoft Windows 10 Home
System drive C: has 200 GB (84%) free of 238 GB
Total RAM: 7356 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:18:04, on 14.05.2021
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
D:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
D:\Portable\TotalCommanderPortable\TotalCommanderPortable.exe
D:\Sticky Password\spNMHost.exe
D:\Sticky Password\stpass.exe
D:\Sticky Password\spUIAManager.exe
C:\Program Files\trend micro\ctelu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.56\BHO\ie_to_edge_bho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_1eb24 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: unchecky - Reason Software Company Inc. - D:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6177 bytes

======Listing Processes======









C:\WINDOWS\system32\lsass.exe
winlogon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k RPCSS -p
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p -s LSM
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s hidserv
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s nsi
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\WINDOWS\system32\atiesrxx.exe
atieclxx
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s Themes
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s EventSystem
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s netprofm
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
"c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
"c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"D:\Portable\CoreTemp64\Core Temp.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
"ctfmon.exe"
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s CryptSvc
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s SstpSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks

"D:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s TapiSrv
dashost.exe {62d30219-56c4-4160-ac68b59aa6a1b807}
C:\WINDOWS\System32\svchost.exe -k netsvcs
"D:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe" -start
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
"C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe"
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s fdPHost
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s NcdAutoSetup
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s FDResPub
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\WINDOWS\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup

"C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
"C:\Windows\System32\SecurityHealthSystray.exe"


C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\WINDOWS\system32\svchost.exe -k LocalService -s W32Time

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
"D:\Portable\TotalCommanderPortable\TotalCommanderPortable.exe"
"D:\Portable\TotalCommanderPortable\App\totalcmd\TOTALCMD64.exe" /i="D:\Portable\TotalCommanderPortable\Data\settings\wincmd.ini" /f="D:\Portable\TotalCommanderPortable\Data\settings\wcx_ftp.ini"
C:\WINDOWS\System32\svchost.exe -k netsvcs -p
"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\ctelu\Desktop\Addition.txt
"C:\WINDOWS\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\WINDOWS\system32\NOTEPAD.EXE" C:\rsit\log.txt
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.93 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.56 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8aa733cb8,0x7ff8aa733cc8,0x7ff8aa733cd8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1996 /prefetch:2
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --lang=cs --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --lang=cs --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --lang=cs --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
C:\WINDOWS\system32\cmd.exe /d /c "D:\Sticky Password\spNMHost.exe" chrome-extension://jbipmfkjgjhibkepepeneigpkfeikikp/ --parent-window=0 < \\.\pipe\LOCAL\chrome.nativeMessaging.in.b0fc29d9d9654d10 > \\.\pipe\LOCAL\chrome.nativeMessaging.out.b0fc29d9d9654d10
\??\C:\WINDOWS\system32\conhost.exe 0x4
"D:\Sticky Password\spNMHost.exe" chrome-extension://jbipmfkjgjhibkepepeneigpkfeikikp/ --parent-window=0
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"D:\Sticky Password\stpass.exe"
"D:\Sticky Password\spUIAManager.exe"
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
C:\WINDOWS\system32\DllHost.exe /Processid:{49F171DD-B51A-40D3-9A6C-52D674CC729D}
"C:\WINDOWS\system32\NOTEPAD.EXE" C:\rsit\log.txt
"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\ctelu\Desktop\Addition.txt
notepad "C:\Users\ctelu\Desktop\FRST.txt"
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,13926239802509376012,1677517708047398230,131072 --disable-gpu-compositing --lang=cs --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\AUDIODG.EXE 0x358

"C:\Users\ctelu\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

======Scheduled tasks folder======

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.56\BHO\ie_to_edge_bho_64.dll [2021-05-06 550800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.56\BHO\ie_to_edge_bho.dll [2021-05-06 410000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\WINDOWS\system32\SecurityHealthSystray.exe [2019-12-07 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AppEx Accelerator UI"=C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [2015-04-06 488640]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-04 767176]

C:\Users\ctelu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsQuic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcCtnrSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"=wdmaud.drv
"midi"=wdmaud.drv
"midimapper"=midimap.dll
"mixer"=wdmaud.drv
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wave"=wdmaud.drv
"wavemapper"=msacm32.drv
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"aux1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave1"=wdmaud.drv
"aux2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave2"=wdmaud.drv

Message: Platforma Windows Filtering Platform umožnila vazbu na místní port.

cont.: viry01.7z
Attachments
viry01.7z
(9.34 KiB) Downloaded 49 times
Last edited by JiJi on 15 May 2021 08:30, edited 2 times in total.

Rudy
Site Admin
Posts: 118192
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: PC check after a virus

#2 Post by Rudy »

Hello!
Download the new FRST (yours is about 5 years out of date):
ATTENTION: ====> FRSTversion is 1488 days old and could be outdated
and post new FRST+Addition logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

JiJi
Visitor
Posts: 26
Joined: 16 Dec 2005 16:41
Location: Olomouc, Czech Republic

Re: PC check after a virus

#3 Post by JiJi »

WIN 10 refuses to download it. Damage to the device
I should add: C: SSD disk, system only
D: portable programs
Last edited by JiJi on 14 May 2021 20:50, edited 1 time in total.

JiJi
Visitor
Posts: 26
Joined: 16 Dec 2005 16:41
Location: Olomouc, Czech Republic

Re: PC check after a virus

#4 Post by JiJi »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2021
Ran by ctelu (administrator) on DESKTOP-4572A6I (14-05-2021 21:20:59)
Running from D:\Stazene soubory
Loaded Profiles: ctelu
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(ALCPU -> ALCPU) D:\Portable\CoreTemp64\Core Temp.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) D:\Portable\TotalCommanderPortable\App\totalcmd\TOTALCMD64.EXE
(Lamantine Software a.s. -> Lamantine Software a.s.) D:\Sticky Password\spNMHost.exe
(Lamantine Software a.s. -> Lamantine Software a.s.) D:\Sticky Password\spUIAManager.exe
(Lamantine Software a.s. -> Lamantine Software a.s.) D:\Sticky Password\stpass.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
(Opera Software AS -> Opera Software) D:\Portable\Opera portable\75.0.3969.243\opera.exe <16>
(Opera Software AS -> Opera Software) D:\Portable\Opera portable\75.0.3969.243\opera_crashreporter.exe
(PortableApps.com) [File not signed] [File is in use] D:\Portable\TotalCommanderPortable\TotalCommanderPortable.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) D:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) D:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation -> AppEx Networks Corporation)
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {7346ab48-3f05-11eb-89b2-74d435902f3c} - "F:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {7346ab60-3f05-11eb-89b2-74d435902f3c} - "F:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {74111c1c-5e77-11eb-8a4c-74d435902f3c} - "E:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {74112377-5e77-11eb-8a4c-74d435902f3c} - "E:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {884b219b-5e63-11eb-8a4b-74d435902f3c} - "E:\autorun.exe"
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\WINDOWS\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\Software602 XPS port monitor: C:\WINDOWS\system32\602localmon.dll [54864 2018-05-31] (Software602 a.s. -> Windows (R) Win 7 DDK provider)
Startup: C:\Users\ctelu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk [2021-01-26]
ShortcutAndArgument: Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN17C12PJV05QV;CONNECTION=USB;MONITOR=1;
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1579F5CC-9033-47BF-BF50-670F72032C0C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463176 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DDE71CD-4543-416C-B8E7-D5461B2AF67A} - System32\Tasks\CCleanerSkipUAC => D:\Portable\ccsetup577\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2C8FA00B-DC9C-4E19-892B-6D2E0A095033} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4904BCBA-AFAF-48ED-A28E-D15075B6FE51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {51D4681D-DFB3-4C51-813E-BBEA3C4A19E4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938368 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9E8B79EF-F9E6-4FF0-BA02-D483A147A2CB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2323928 2021-02-02] (Microsoft Corporation -> Microsoft)
Task: {9F8E634D-83BA-4491-A236-7AFBCACAEAD7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938368 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8AD4AB5-9363-4CD3-9D28-D30F9CC90182} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Task: {AADDFD4F-EBA0-472A-85F3-3120A8C81380} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3984166785-435578412-2767841028-500 => C:\Users\ctelu\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B617144C-85AA-4EAB-B51F-ED3B832B51DD} - System32\Tasks\iolo\ActiveMessenger => D:\Portable\ActiveBridge.exe
Task: {BC0D7E84-908F-4F51-9060-88DA652826E5} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [32704 2021-02-02] (Microsoft Corporation -> Microsoft)
Task: {BF853FE1-B5AC-4FA3-8125-500339342B0A} - System32\Tasks\CCleaner Update => D:\Portable\ccsetup577\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {C0816751-BF59-4797-B2C2-D24FABEF209D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD58D87E-E4C9-470E-A947-E127B37E58C5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463176 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {F398DA01-81C4-44B4-A2A9-3E13EBCDDABC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FA1CBCF0-0FE4-4FC9-9BD8-FCE74D4AA7D3} - System32\Tasks\Core Temp Autostart ctelu => D:\Portable\CoreTemp64\Core Temp.exe [1035096 2021-04-11] (ALCPU -> ALCPU)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{aeceb362-6011-4c62-b2c2-7b0bdbbb1948}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f9ae9aa0-7031-4513-9c82-829780013b20}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-14]
Edge DownloadDir: Default -> D:\Stazene soubory
Edge HomePage: Default -> hxxps://duckduckgo.com/?kah=cz-cs&kad=cs_CZ&kp=1&kl=cz-cs&kbc=1
Edge StartupUrls: Default -> "hxxps://duckduckgo.com/?kah=cz-cs&kad=cs_CZ&kp=1&kl=cz-cs&kbc=1&atb=v257-1"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge Extension: (Edge Translate) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bfdogplmndidlpjfhoijckpakkdjkkil [2021-03-17]
Edge Extension: (DuckDuckGo) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2021-05-05]
Edge Extension: (Translator) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdkmohnpfdennnemmjekmmiibgfddako [2021-01-17]
Edge Extension: (Cookie AutoDelete) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\djkjpnciiommncecmdefpdllknjdmmmo [2021-02-27]
Edge Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2021-03-02]
Edge Extension: (Avast Online Security) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2021-02-27]
Edge Extension: (CSV Viewer by Table Capture) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gafpmfmbkgaljjlophfhgdaaabilimgm [2021-02-09]
Edge Extension: (Sticky Password - správce hesel) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbipmfkjgjhibkepepeneigpkfeikikp [2021-04-07]
Edge Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2021-05-13]
Edge Extension: (Save as PDF) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mlgefgipndlgdfjfgnjfheigkagjieea [2021-01-22]
Edge Extension: (uBlock Origin) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2021-05-11]
Edge Extension: (Chrome Media Router) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-20]

FireFox:
========
FF DefaultProfile: 14ez58gb.default-release
FF ProfilePath: C:\Users\ctelu\AppData\Roaming\Mozilla\Firefox\Profiles\g50njofg.default-release-1-1618394918094 [2021-05-12]
FF ProfilePath: C:\Users\ctelu\AppData\Roaming\Mozilla\Firefox\Profiles\14ez58gb.default-release [2021-05-12]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 unchecky; D:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2020-07-26] (Reason Software Company Inc. -> Reason Software Company Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\Users\ctelu\AppData\Local\Temp\ALSysIO64.sys [47240 2021-05-14] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation -> AppEx Networks Corporation)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-10-09] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspMmFs; C:\WINDOWS\System32\DRIVERS\rspMmFs64.sys [20224 2016-12-08] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspMon; C:\WINDOWS\System32\DRIVERS\rspMon64.sys [27392 2016-12-08] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspUndeluxe; C:\WINDOWS\System32\DRIVERS\rspUnd64.sys [25856 2018-12-05] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap640$T; C:\WINDOWS\System32\drivers\tap640$T.sys [49920 2020-08-22] (Ghostery, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-14 21:18 - 2021-05-14 21:19 - 000000000 ____D C:\Users\ctelu\Desktop\FRST-OlderVersion
2021-05-14 21:18 - 2021-05-14 21:18 - 002299392 _____ (Farbar) C:\Users\ctelu\Desktop\FRST64.exe
2021-05-14 15:51 - 2021-05-14 17:17 - 000000000 ____D C:\Program Files\trend micro
2021-05-14 15:33 - 2021-05-14 21:21 - 000000000 ____D C:\FRST
2021-05-13 18:22 - 2021-05-13 18:22 - 000000000 ____D C:\Users\ctelu\AppData\Roaming\Bitwarden
2021-05-13 17:13 - 2021-05-13 17:13 - 000000000 ____D C:\Users\ctelu\AppData\Local\bitwarden-updater
2021-05-11 20:07 - 2021-05-11 20:07 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-10 09:52 - 2021-05-10 09:52 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2021-05-10 09:50 - 2021-05-10 09:56 - 000000000 ____D C:\Program Files\Rainmeter
2021-05-10 09:37 - 2021-05-10 09:37 - 000000000 ____D C:\AMD
2021-05-09 22:17 - 2021-05-13 19:13 - 000002914 _____ C:\WINDOWS\system32\Tasks\Core Temp Autostart ctelu
2021-05-06 08:51 - 2021-05-13 10:53 - 000007625 _____ C:\Users\ctelu\AppData\Local\Resmon.ResmonCfg
2021-05-04 15:16 - 2021-05-08 12:24 - 000004204 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-05-02 10:50 - 2021-05-02 15:38 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-01 17:54 - 2021-05-01 17:56 - 000000000 ____D C:\KRD2018_Data
2021-05-01 13:43 - 2021-05-01 13:43 - 000000000 ____D C:\ProgramData\Panda Security
2021-05-01 13:40 - 2021-05-01 15:50 - 000000000 ____D C:\Users\ctelu\AppData\Local\FSDART
2021-05-01 13:40 - 2021-05-01 13:42 - 000000000 ____D C:\ProgramData\F-Secure
2021-04-30 11:16 - 2021-05-14 11:16 - 090177536 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-04-29 07:36 - 2021-04-29 07:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-29 07:36 - 2021-04-29 07:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-29 07:36 - 2021-04-29 07:36 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-29 07:36 - 2021-04-29 07:36 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-29 07:36 - 2021-04-29 07:36 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-29 07:36 - 2021-04-29 07:36 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-29 07:36 - 2021-04-29 07:36 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-27 15:33 - 2021-04-27 15:33 - 000000000 ____D C:\Users\ctelu\AppData\Local\NPE
2021-04-27 15:33 - 2021-04-27 15:33 - 000000000 ____D C:\ProgramData\Norton
2021-04-18 18:00 - 2021-04-18 18:00 - 000000000 ____D C:\Users\ctelu\AppData\Local\eM Client
2021-04-17 16:07 - 2021-05-09 09:56 - 000000000 ____D C:\Users\ctelu\AppData\Local\ESET
2021-04-17 05:37 - 2021-04-17 05:38 - 000000000 ____D C:\Users\ctelu\AppData\Local\BraveSoftware
2021-04-14 09:46 - 2021-04-14 09:46 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-14 21:12 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-14 21:11 - 2020-12-05 14:39 - 000000000 ____D C:\Users\ctelu\AppData\Roaming\Mozilla
2021-05-14 21:11 - 2020-07-25 21:57 - 000000000 ____D C:\Users\ctelu\AppData\Roaming\Thunderbird
2021-05-14 19:33 - 2020-09-27 07:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-14 15:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-14 15:18 - 2020-10-21 18:23 - 000005858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-14 15:18 - 2019-12-07 16:41 - 002716370 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-14 15:18 - 2019-12-07 16:41 - 002086906 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-14 15:18 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-14 15:14 - 2021-01-13 19:45 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-14 15:14 - 2020-09-27 09:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-14 11:16 - 2020-07-25 17:21 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-05-14 11:16 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-14 08:50 - 2020-09-27 09:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-13 07:48 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-13 07:44 - 2020-07-25 21:57 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-12 17:45 - 2020-09-26 12:05 - 000000000 ____D C:\Users\ctelu\AppData\Local\CrashDumps
2021-05-12 17:04 - 2020-07-25 17:46 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-11 20:12 - 2020-09-27 07:50 - 000267512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-11 20:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-11 20:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-11 20:08 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-11 19:58 - 2020-07-25 17:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-10 09:38 - 2020-08-11 15:45 - 000000000 ____D C:\Program Files (x86)\AMD
2021-05-08 21:21 - 2020-09-27 09:53 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-08 15:32 - 2020-10-21 18:16 - 000000000 ____D C:\Users\ctelu
2021-05-04 15:19 - 2020-07-25 17:08 - 000000000 ____D C:\Users\ctelu\AppData\Local\GHISLER
2021-05-04 15:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-05-03 11:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-01 12:35 - 2020-07-25 16:56 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-30 11:16 - 2020-09-26 11:36 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-04-29 07:58 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-29 07:55 - 2019-12-07 16:42 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-04-29 07:19 - 2021-02-27 12:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-27 06:42 - 2021-01-13 20:20 - 000000000 ____D C:\WINDOWS\Panther
2021-04-26 09:43 - 2021-03-25 15:58 - 000000000 ____D C:\Users\ctelu\AppData\Local\ElevatedDiagnostics
2021-04-26 08:15 - 2020-09-27 09:53 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 08:15 - 2020-09-27 09:53 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-20 04:56 - 2020-07-27 21:54 - 000000000 ____D C:\Users\ctelu\AppData\Local\D3DSCache
2021-04-14 09:48 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs

==================== Files in the root of some directories ========

2020-09-27 10:44 - 2020-09-27 10:44 - 000021368 _____ (Schneider Electric) C:\Users\ctelu\en_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000021368 _____ (Schneider Electric) C:\Users\ctelu\es_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000021880 _____ (Schneider Electric) C:\Users\ctelu\fr_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000021880 _____ (Schneider Electric) C:\Users\ctelu\grm_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000021368 _____ (Schneider Electric) C:\Users\ctelu\it_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000020344 _____ (Schneider Electric) C:\Users\ctelu\jp_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 001079808 _____ (Microsoft Corporation) C:\Users\ctelu\mfc80u.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000626688 _____ (Microsoft Corporation) C:\Users\ctelu\msvcr80.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 013923704 _____ (Schneider Electric) C:\Users\ctelu\PCPE Setup.exe
2020-09-27 10:44 - 2020-09-27 10:44 - 000021368 _____ (Schneider Electric) C:\Users\ctelu\pt_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000018808 _____ () C:\Users\ctelu\ResourceReader.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000020856 _____ (Schneider Electric) C:\Users\ctelu\ru_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000019832 _____ (Schneider Electric) C:\Users\ctelu\zh_res.dll
2021-05-06 08:51 - 2021-05-13 10:53 - 000007625 _____ () C:\Users\ctelu\AppData\Local\Resmon.ResmonCfg

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2020-10-31] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2021
Ran by ctelu (14-05-2021 21:22:22)
Running from D:\Stazene soubory
Windows 10 Home Version 20H2 19042.985 (X64) (2020-10-21 16:21:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3984166785-435578412-2767841028-500 - Administrator - Disabled)
ctelu (S-1-5-21-3984166785-435578412-2767841028-1001 - Administrator - Enabled) => C:\Users\ctelu
DefaultAccount (S-1-5-21-3984166785-435578412-2767841028-503 - Limited - Disabled)
Guest (S-1-5-21-3984166785-435578412-2767841028-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3984166785-435578412-2767841028-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 13.250.137.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Wargaming.net Game Center (HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\Wargaming.net Game Center) (Version: 21.2.2.4998 - Wargaming.net)
World of Tanks EU (HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)
Základní software zařízení HP Deskjet 2050 J510 series (HKLM\...\{F61FD928-A74D-4AF9-9667-BE2BB6F2C386}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-07-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-07-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-11] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Portable\7-ZipPortable\App\7-Zip64\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Portable\7-ZipPortable\App\7-Zip64\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 000214528 _____ () [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2021-05-14 21:20 - 2021-05-14 21:20 - 000008704 _____ () [File not signed] C:\Users\ctelu\AppData\Local\Temp\nsoFAC4.tmp\newadvsplash.dll
2021-05-14 21:20 - 2021-05-14 21:20 - 000011264 _____ () [File not signed] C:\Users\ctelu\AppData\Local\Temp\nsoFAC4.tmp\System.dll
2019-02-21 18:00 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] D:\Portable\7-ZipPortable\App\7-Zip64\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [101]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7942 more sites.



==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2021-03-20 20:05 - 000456390 _____ C:\WINDOWS\system32\drivers\etc\hosts
There are 15655 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3984166785-435578412-2767841028-1001\Control Panel\Desktop\\Wallpaper -> c:\users\ctelu\appdata\roaming\microsoft\windows photo viewer\tapeta programu windows prohlížeč fotografií.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: AppEx Networks Accelerator -> appex_acc (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "APC UPS Status.lnk"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Display"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\StartupApproved\StartupFolder: => "Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\StartupApproved\Run: => "electron.app.Ghostery Midnight"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\StartupApproved\Run: => "SpyEmergency"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{42F26F69-C414-4167-A37B-4139B9F200ED}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{2B30D67B-8667-491A-A090-9FF6D11F2521}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{6E03CFE1-4B20-4B15-89F0-2398D78737AF}D:\games\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{1EF8130A-1B0F-4654-9B22-6B7A18F3771D}D:\games\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{A01B097F-6B94-4175-9AB7-0A2996C59BD7}D:\games\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{37FAF99E-F3FC-44B6-8911-70B5B1052541}D:\games\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{BE2FB31F-712F-4FDC-A77C-C994B1CF9D9A}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{680AA6F5-C8AF-456E-BE81-3E5CE61EDCF9}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/14/2021 12:23:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/14/2021 12:23:44 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/13/2021 08:17:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/13/2021 08:17:30 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/13/2021 08:17:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/13/2021 08:17:30 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/13/2021 04:30:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\WINDOWS\system32\msiexec.exe /V; Popis = Removed LastPass; Chyba = 0x80070422).

Error: (05/13/2021 04:30:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\WINDOWS\system32\msiexec.exe /V; Popis = Removed LastPass; Chyba = 0x80070422).


System errors:
=============
Error: (05/11/2021 05:36:19 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-4572A6I)
Description: Nelze spustit server DCOM: Microsoft.MicrosoftEdge_44.19041.964.0_neutral__8wekyb3d8bbwe!MicrosoftEdge jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (05/10/2021 07:02:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby SecurityHealthService s argumenty Není k dispozici za účelem spuštění serveru:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (05/10/2021 07:00:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby SecurityHealthService s argumenty Není k dispozici za účelem spuštění serveru:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (05/10/2021 09:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba atillk64 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (05/10/2021 09:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba atillk64 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (05/10/2021 09:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba atidgllk neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (05/10/2021 09:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba atidgllk neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (05/10/2021 09:39:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba atillk64 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
================
Date: 2021-05-14 21:11:26
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\rundll32.exe možnost upravit %userprofile%\Favorites.
Čas detekce: 2021-05-14T19:11:26.515Z
Uživatel: DESKTOP-4572A6I\ctelu
Cesta: %userprofile%\Favorites
Název procesu: C:\Windows\System32\rundll32.exe
Verze bezpečnostních informací: 1.339.672.0
Verze modulu: 1.1.18100.6
Verze produktu: 4.18.2104.14

Date: 2021-05-14 21:11:26
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\rundll32.exe možnost upravit %userprofile%\Favorites.
Čas detekce: 2021-05-14T19:11:26.515Z
Uživatel: DESKTOP-4572A6I\ctelu
Cesta: %userprofile%\Favorites
Název procesu: C:\Windows\System32\rundll32.exe
Verze bezpečnostních informací: 1.339.672.0
Verze modulu: 1.1.18100.6
Verze produktu: 4.18.2104.14

Date: 2021-05-14 20:04:44
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\rundll32.exe možnost upravit %userprofile%\Favorites.
Čas detekce: 2021-05-14T18:04:44.449Z
Uživatel: DESKTOP-4572A6I\ctelu
Cesta: %userprofile%\Favorites
Název procesu: C:\Windows\System32\rundll32.exe
Verze bezpečnostních informací: 1.339.672.0
Verze modulu: 1.1.18100.6
Verze produktu: 4.18.2104.14

Date: 2021-05-14 09:28:10
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\rundll32.exe možnost upravit %userprofile%\Favorites.
Čas detekce: 2021-05-14T07:28:10.330Z
Uživatel: DESKTOP-4572A6I\ctelu
Cesta: %userprofile%\Favorites
Název procesu: C:\Windows\System32\rundll32.exe
Verze bezpečnostních informací: 1.339.643.0
Verze modulu: 1.1.18100.6
Verze produktu: 4.18.2104.14

Date: 2021-05-14 09:28:10
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\rundll32.exe možnost upravit %userprofile%\Favorites.
Čas detekce: 2021-05-14T07:28:10.330Z
Uživatel: DESKTOP-4572A6I\ctelu
Cesta: %userprofile%\Favorites
Název procesu: C:\Windows\System32\rundll32.exe
Verze bezpečnostních informací: 1.339.643.0
Verze modulu: 1.1.18100.6
Verze produktu: 4.18.2104.14

Date: 2021-05-06 08:11:51
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.337.679.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

Date: 2021-05-06 08:11:49
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.339.42.0
Předchozí verze bezpečnostních informací: 1.337.679.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-05-06 08:11:49
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.339.42.0
Předchozí verze bezpečnostních informací: 1.337.679.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-05-06 08:11:49
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18100.5
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

CodeIntegrity:
===============
Date: 2021-03-20 19:04:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-03-17 20:54:44
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F7 07/09/2014
Motherboard: Gigabyte Technology Co., Ltd. F2A88XM-HD3
Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 7356.11 MB
Available physical RAM: 3375.66 MB
Total Virtual: 14780.11 MB
Available Virtual: 10866.43 MB

==================== Drives ================================

Drive c: (Disk "C") (Fixed) (Total:232.25 GB) (Free:195.36 GB) NTFS
Drive d: (Disk "D") (Fixed) (Total:298.09 GB) (Free:229.79 GB) NTFS

\\?\Volume{a94fff92-00a1-4177-b841-83874935ebe8}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{212a0347-ec9a-46f3-82d1-13718bd0d6c8}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 413FC4E6)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 46606EA6)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC check after a virus

#5 Post by Rudy »

The antivirus probably doesn't like it. It isn't malware (we use it routinely). While working with FRST, the AV needs to be temporarily turned off. Now run this utility:

Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

Close all programs.
Accept the license terms (EULA) by clicking I Agree.
Right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click).
Click Scan Now, then Clean and Repair.
After the restart a log will pop up (otherwise you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

JiJi
Visitor
Posts: 26
Registered: 16 Dec 2005 16:41
Location: Olomouc, Czech Republic

Re: PC check after a virus

#6 Post by JiJi »

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-15-2021
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 17
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.SamsungSmartSwitch Folder C:\Users\ctelu\AppData\Roaming\SAMSUNG\SMART SWITCH PC


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3145 octets] - [14/05/2021 22:33:43]
AdwCleaner[S01].txt - [3206 octets] - [14/05/2021 23:55:55]
AdwCleaner[S02].txt - [3267 octets] - [15/05/2021 00:01:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
Last edited by JiJi on 14 May 2021 23:13, edited 1 time in total.

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC check after a virus

#8 Post by Rudy »

OK. Post new FRST + Addition logs and we will clean up the rest by hand.

JiJi
Visitor
Posts: 26
Registered: 16 Dec 2005 16:41
Location: Olomouc, Czech Republic

Re: PC check after a virus

#9 Post by JiJi »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021
Ran by ctelu (administrator) on DESKTOP-4572A6I (15-05-2021 14:31:11)
Running from D:\Stazene soubory\viry00
Loaded Profiles: ctelu
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(ALCPU -> ALCPU) D:\Portable\CoreTemp64\Core Temp.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) D:\Portable\TotalCommanderPortable\App\totalcmd\TOTALCMD64.EXE
(Lamantine Software a.s. -> Lamantine Software a.s.) D:\Sticky Password\spNMHost.exe
(Lamantine Software a.s. -> Lamantine Software a.s.) D:\Sticky Password\spUIAManager.exe
(Lamantine Software a.s. -> Lamantine Software a.s.) D:\Sticky Password\stpass.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
(PortableApps.com) [File not signed] [File is in use] D:\Portable\TotalCommanderPortable\TotalCommanderPortable.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) D:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) D:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation -> AppEx Networks Corporation)
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {7346ab48-3f05-11eb-89b2-74d435902f3c} - "F:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {7346ab60-3f05-11eb-89b2-74d435902f3c} - "F:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {74111c1c-5e77-11eb-8a4c-74d435902f3c} - "E:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {74112377-5e77-11eb-8a4c-74d435902f3c} - "E:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {884b219b-5e63-11eb-8a4b-74d435902f3c} - "E:\autorun.exe"
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\WINDOWS\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\Software602 XPS port monitor: C:\WINDOWS\system32\602localmon.dll [54864 2018-05-31] (Software602 a.s. -> Windows (R) Win 7 DDK provider)
Startup: C:\Users\ctelu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk [2021-01-26]
ShortcutAndArgument: Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN17C12PJV05QV;CONNECTION=USB;MONITOR=1;
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1579F5CC-9033-47BF-BF50-670F72032C0C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463176 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DDE71CD-4543-416C-B8E7-D5461B2AF67A} - System32\Tasks\CCleanerSkipUAC => D:\Portable\ccsetup577\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2C8FA00B-DC9C-4E19-892B-6D2E0A095033} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4904BCBA-AFAF-48ED-A28E-D15075B6FE51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {51D4681D-DFB3-4C51-813E-BBEA3C4A19E4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938368 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9E8B79EF-F9E6-4FF0-BA02-D483A147A2CB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2323928 2021-02-02] (Microsoft Corporation -> Microsoft)
Task: {9F8E634D-83BA-4491-A236-7AFBCACAEAD7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938368 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8AD4AB5-9363-4CD3-9D28-D30F9CC90182} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Task: {AADDFD4F-EBA0-472A-85F3-3120A8C81380} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3984166785-435578412-2767841028-500 => C:\Users\ctelu\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B617144C-85AA-4EAB-B51F-ED3B832B51DD} - System32\Tasks\iolo\ActiveMessenger => D:\Portable\ActiveBridge.exe
Task: {BC0D7E84-908F-4F51-9060-88DA652826E5} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [32704 2021-02-02] (Microsoft Corporation -> Microsoft)
Task: {BF853FE1-B5AC-4FA3-8125-500339342B0A} - System32\Tasks\CCleaner Update => D:\Portable\ccsetup577\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {C0816751-BF59-4797-B2C2-D24FABEF209D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD58D87E-E4C9-470E-A947-E127B37E58C5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463176 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {F398DA01-81C4-44B4-A2A9-3E13EBCDDABC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FA1CBCF0-0FE4-4FC9-9BD8-FCE74D4AA7D3} - System32\Tasks\Core Temp Autostart ctelu => D:\Portable\CoreTemp64\Core Temp.exe [1035096 2021-04-11] (ALCPU -> ALCPU)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{aeceb362-6011-4c62-b2c2-7b0bdbbb1948}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f9ae9aa0-7031-4513-9c82-829780013b20}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-15]
Edge DownloadDir: Default -> D:\Stazene soubory
Edge HomePage: Default -> hxxps://duckduckgo.com/?kah=cz-cs&kad=cs_CZ&kp=1&kl=cz-cs&kbc=1
Edge StartupUrls: Default -> "hxxps://duckduckgo.com/?kah=cz-cs&kad=cs_CZ&kp=1&kl=cz-cs&kbc=1&atb=v257-1"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge Extension: (Edge Translate) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bfdogplmndidlpjfhoijckpakkdjkkil [2021-03-17]
Edge Extension: (DuckDuckGo) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2021-05-05]
Edge Extension: (Translator) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdkmohnpfdennnemmjekmmiibgfddako [2021-01-17]
Edge Extension: (Cookie AutoDelete) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\djkjpnciiommncecmdefpdllknjdmmmo [2021-02-27]
Edge Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2021-03-02]
Edge Extension: (Avast Online Security) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2021-02-27]
Edge Extension: (CSV Viewer by Table Capture) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gafpmfmbkgaljjlophfhgdaaabilimgm [2021-02-09]
Edge Extension: (Sticky Password - správce hesel) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbipmfkjgjhibkepepeneigpkfeikikp [2021-04-07]
Edge Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2021-05-13]
Edge Extension: (Save as PDF) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mlgefgipndlgdfjfgnjfheigkagjieea [2021-01-22]
Edge Extension: (uBlock Origin) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2021-05-11]
Edge Extension: (Chrome Media Router) - C:\Users\ctelu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-20]

FireFox:
========
FF DefaultProfile: 14ez58gb.default-release
FF ProfilePath: C:\Users\ctelu\AppData\Roaming\Mozilla\Firefox\Profiles\g50njofg.default-release-1-1618394918094 [2021-05-14]
FF ProfilePath: C:\Users\ctelu\AppData\Roaming\Mozilla\Firefox\Profiles\14ez58gb.default-release [2021-05-14]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 unchecky; D:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2020-07-26] (Reason Software Company Inc. -> Reason Software Company Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\Users\ctelu\AppData\Local\Temp\ALSysIO64.sys [47240 2021-05-15] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation -> AppEx Networks Corporation)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-10-09] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspMmFs; C:\WINDOWS\System32\DRIVERS\rspMmFs64.sys [20224 2016-12-08] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspMon; C:\WINDOWS\System32\DRIVERS\rspMon64.sys [27392 2016-12-08] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspUndeluxe; C:\WINDOWS\System32\DRIVERS\rspUnd64.sys [25856 2018-12-05] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap640$T; C:\WINDOWS\System32\drivers\tap640$T.sys [49920 2020-08-22] (Ghostery, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-15 14:30 - 2021-05-15 14:30 - 002299392 _____ (Farbar) C:\Users\ctelu\Desktop\FRST64.exe
2021-05-15 14:30 - 2021-05-15 14:30 - 000000000 ____D C:\Users\ctelu\Desktop\FRST-OlderVersion
2021-05-15 14:29 - 2021-05-15 14:31 - 000000000 ____D C:\FRST
2021-05-15 09:37 - 2021-05-15 09:39 - 000003387 _____ C:\Users\ctelu\Desktop\scan_log.txt
2021-05-15 09:36 - 2021-05-15 09:35 - 000207872 _____ (Copyrights Diallix Software (C)) C:\Users\ctelu\Desktop\inlinehookscanner.exe
2021-05-14 22:32 - 2021-05-15 00:02 - 000000000 ____D C:\AdwCleaner
2021-05-14 15:51 - 2021-05-14 17:17 - 000000000 ____D C:\Program Files\trend micro
2021-05-13 18:22 - 2021-05-13 18:22 - 000000000 ____D C:\Users\ctelu\AppData\Roaming\Bitwarden
2021-05-13 17:13 - 2021-05-13 17:13 - 000000000 ____D C:\Users\ctelu\AppData\Local\bitwarden-updater
2021-05-11 20:07 - 2021-05-11 20:07 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-10 09:52 - 2021-05-10 09:52 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2021-05-10 09:50 - 2021-05-10 09:56 - 000000000 ____D C:\Program Files\Rainmeter
2021-05-10 09:37 - 2021-05-10 09:37 - 000000000 ____D C:\AMD
2021-05-09 22:17 - 2021-05-13 19:13 - 000002914 _____ C:\WINDOWS\system32\Tasks\Core Temp Autostart ctelu
2021-05-06 08:51 - 2021-05-13 10:53 - 000007625 _____ C:\Users\ctelu\AppData\Local\Resmon.ResmonCfg
2021-05-04 15:16 - 2021-05-08 12:24 - 000004204 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-05-02 10:50 - 2021-05-02 15:38 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-01 17:54 - 2021-05-01 17:56 - 000000000 ____D C:\KRD2018_Data
2021-05-01 13:43 - 2021-05-01 13:43 - 000000000 ____D C:\ProgramData\Panda Security
2021-05-01 13:40 - 2021-05-01 15:50 - 000000000 ____D C:\Users\ctelu\AppData\Local\FSDART
2021-05-01 13:40 - 2021-05-01 13:42 - 000000000 ____D C:\ProgramData\F-Secure
2021-04-30 11:16 - 2021-05-15 11:13 - 090177536 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-04-29 07:36 - 2021-04-29 07:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-29 07:36 - 2021-04-29 07:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-29 07:36 - 2021-04-29 07:36 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-29 07:36 - 2021-04-29 07:36 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-29 07:36 - 2021-04-29 07:36 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-29 07:36 - 2021-04-29 07:36 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-29 07:36 - 2021-04-29 07:36 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-04-29 07:36 - 2021-04-29 07:36 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-29 07:36 - 2021-04-29 07:36 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-27 15:33 - 2021-04-27 15:33 - 000000000 ____D C:\Users\ctelu\AppData\Local\NPE
2021-04-27 15:33 - 2021-04-27 15:33 - 000000000 ____D C:\ProgramData\Norton
2021-04-18 18:00 - 2021-04-18 18:00 - 000000000 ____D C:\Users\ctelu\AppData\Local\eM Client
2021-04-17 16:07 - 2021-05-09 09:56 - 000000000 ____D C:\Users\ctelu\AppData\Local\ESET
2021-04-17 05:37 - 2021-04-17 05:38 - 000000000 ____D C:\Users\ctelu\AppData\Local\BraveSoftware

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-15 14:29 - 2020-10-21 18:23 - 000005858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-15 14:29 - 2019-12-07 16:41 - 002770546 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-15 14:29 - 2019-12-07 16:41 - 002103634 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-15 14:25 - 2021-01-13 19:45 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-15 14:25 - 2020-09-27 09:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-15 14:25 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-15 11:13 - 2020-07-25 17:21 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-05-15 11:13 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-15 10:53 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-15 10:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-15 09:28 - 2020-12-05 14:39 - 000000000 ____D C:\Users\ctelu\AppData\Roaming\Mozilla
2021-05-15 09:28 - 2020-07-25 21:57 - 000000000 ____D C:\Users\ctelu\AppData\Roaming\Thunderbird
2021-05-15 09:08 - 2020-07-25 21:57 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-15 00:02 - 2021-01-28 12:51 - 000000000 ____D C:\Users\ctelu\AppData\Roaming\Samsung
2021-05-14 19:33 - 2020-09-27 07:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-14 15:18 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-14 08:50 - 2020-09-27 09:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-12 17:45 - 2020-09-26 12:05 - 000000000 ____D C:\Users\ctelu\AppData\Local\CrashDumps
2021-05-12 17:04 - 2020-07-25 17:46 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-11 20:12 - 2020-09-27 07:50 - 000267512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-11 20:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-11 20:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-11 20:08 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-11 19:58 - 2020-07-25 17:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-10 09:38 - 2020-08-11 15:45 - 000000000 ____D C:\Program Files (x86)\AMD
2021-05-08 21:21 - 2020-09-27 09:53 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-08 15:32 - 2020-10-21 18:16 - 000000000 ____D C:\Users\ctelu
2021-05-04 15:19 - 2020-07-25 17:08 - 000000000 ____D C:\Users\ctelu\AppData\Local\GHISLER
2021-05-04 15:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-05-03 11:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-01 12:35 - 2020-07-25 16:56 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-30 11:16 - 2020-09-26 11:36 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-04-29 07:58 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-29 07:55 - 2019-12-07 16:42 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-29 07:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-04-29 07:19 - 2021-02-27 12:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-27 06:42 - 2021-01-13 20:20 - 000000000 ____D C:\WINDOWS\Panther
2021-04-26 09:43 - 2021-03-25 15:58 - 000000000 ____D C:\Users\ctelu\AppData\Local\ElevatedDiagnostics
2021-04-26 08:15 - 2020-09-27 09:53 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 08:15 - 2020-09-27 09:53 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-20 04:56 - 2020-07-27 21:54 - 000000000 ____D C:\Users\ctelu\AppData\Local\D3DSCache

==================== Files in the root of some directories ========

2020-09-27 10:44 - 2020-09-27 10:44 - 000021368 _____ (Schneider Electric) C:\Users\ctelu\en_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000021368 _____ (Schneider Electric) C:\Users\ctelu\es_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000021880 _____ (Schneider Electric) C:\Users\ctelu\fr_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000021880 _____ (Schneider Electric) C:\Users\ctelu\grm_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000021368 _____ (Schneider Electric) C:\Users\ctelu\it_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000020344 _____ (Schneider Electric) C:\Users\ctelu\jp_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 001079808 _____ (Microsoft Corporation) C:\Users\ctelu\mfc80u.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000626688 _____ (Microsoft Corporation) C:\Users\ctelu\msvcr80.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 013923704 _____ (Schneider Electric) C:\Users\ctelu\PCPE Setup.exe
2020-09-27 10:44 - 2020-09-27 10:44 - 000021368 _____ (Schneider Electric) C:\Users\ctelu\pt_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000018808 _____ () C:\Users\ctelu\ResourceReader.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000020856 _____ (Schneider Electric) C:\Users\ctelu\ru_res.dll
2020-09-27 10:44 - 2020-09-27 10:44 - 000019832 _____ (Schneider Electric) C:\Users\ctelu\zh_res.dll
2021-05-06 08:51 - 2021-05-13 10:53 - 000007625 _____ () C:\Users\ctelu\AppData\Local\Resmon.ResmonCfg

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2020-10-31] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by ctelu (15-05-2021 14:32:41)
Running from D:\Stazene soubory\viry00
Windows 10 Home Version 20H2 19042.985 (X64) (2020-10-21 16:21:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3984166785-435578412-2767841028-500 - Administrator - Disabled)
ctelu (S-1-5-21-3984166785-435578412-2767841028-1001 - Administrator - Enabled) => C:\Users\ctelu
DefaultAccount (S-1-5-21-3984166785-435578412-2767841028-503 - Limited - Disabled)
Guest (S-1-5-21-3984166785-435578412-2767841028-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3984166785-435578412-2767841028-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 13.250.137.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Wargaming.net Game Center (HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\Wargaming.net Game Center) (Version: 21.2.2.4998 - Wargaming.net)
World of Tanks EU (HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)
Základní software zařízení HP Deskjet 2050 J510 series (HKLM\...\{F61FD928-A74D-4AF9-9667-BE2BB6F2C386}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-07-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-07-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-11] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Portable\7-ZipPortable\App\7-Zip64\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Portable\7-ZipPortable\App\7-Zip64\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 000214528 _____ () [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2021-05-15 14:29 - 2021-05-15 14:29 - 000008704 _____ () [File not signed] C:\Users\ctelu\AppData\Local\Temp\nsyCE30.tmp\newadvsplash.dll
2021-05-15 14:29 - 2021-05-15 14:29 - 000011264 _____ () [File not signed] C:\Users\ctelu\AppData\Local\Temp\nsyCE30.tmp\System.dll
2019-02-21 18:00 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] D:\Portable\7-ZipPortable\App\7-Zip64\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [101]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7940 more sites.

There are 7940 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2021-03-20 20:05 - 000456390 _____ C:\WINDOWS\system32\drivers\etc\hosts

There are 15655 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3984166785-435578412-2767841028-1001\Control Panel\Desktop\\Wallpaper -> c:\users\ctelu\appdata\roaming\microsoft\windows photo viewer\tapeta programu windows prohlížeč fotografií.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: AppEx Networks Accelerator -> appex_acc (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "APC UPS Status.lnk"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Display"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\StartupApproved\StartupFolder: => "Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\StartupApproved\Run: => "electron.app.Ghostery Midnight"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\StartupApproved\Run: => "SpyEmergency"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{42F26F69-C414-4167-A37B-4139B9F200ED}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{2B30D67B-8667-491A-A090-9FF6D11F2521}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{6E03CFE1-4B20-4B15-89F0-2398D78737AF}D:\games\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{1EF8130A-1B0F-4654-9B22-6B7A18F3771D}D:\games\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{A01B097F-6B94-4175-9AB7-0A2996C59BD7}D:\games\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{37FAF99E-F3FC-44B6-8911-70B5B1052541}D:\games\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{BE2FB31F-712F-4FDC-A77C-C994B1CF9D9A}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{680AA6F5-C8AF-456E-BE81-3E5CE61EDCF9}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/15/2021 01:19:02 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/15/2021 12:02:30 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = D:\Stazene soubory\adwcleaner_8.2.exe soubory\adwcleaner_8.2.exe" ; Popis = AdwCleaner_BeforeCleaning_15/05/2021_00:02:30; Chyba = 0x80070422).

Error: (05/14/2021 12:23:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/14/2021 12:23:44 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/13/2021 08:17:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/13/2021 08:17:30 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/13/2021 08:17:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/13/2021 08:17:30 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (05/15/2021 01:19:02 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby SecurityHealthService s argumenty Není k dispozici za účelem spuštění serveru:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (05/15/2021 12:02:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/15/2021 12:02:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba unchecky byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/15/2021 12:02:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/11/2021 05:36:19 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-4572A6I)
Description: Nelze spustit server DCOM: Microsoft.MicrosoftEdge_44.19041.964.0_neutral__8wekyb3d8bbwe!MicrosoftEdge jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (05/10/2021 07:02:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby SecurityHealthService s argumenty Není k dispozici za účelem spuštění serveru:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (05/10/2021 07:00:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby SecurityHealthService s argumenty Není k dispozici za účelem spuštění serveru:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (05/10/2021 09:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba atillk64 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
================
Date: 2021-05-15 10:32:46
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\rundll32.exe možnost upravit %userprofile%\Favorites.
Čas detekce: 2021-05-15T08:32:46.268Z
Uživatel: DESKTOP-4572A6I\ctelu
Cesta: %userprofile%\Favorites
Název procesu: C:\Windows\System32\rundll32.exe
Verze bezpečnostních informací: 1.339.720.0
Verze modulu: 1.1.18100.6
Verze produktu: 4.18.2104.14

Date: 2021-05-15 10:32:46
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\rundll32.exe možnost upravit %userprofile%\Favorites.
Čas detekce: 2021-05-15T08:32:46.267Z
Uživatel: DESKTOP-4572A6I\ctelu
Cesta: %userprofile%\Favorites
Název procesu: C:\Windows\System32\rundll32.exe
Verze bezpečnostních informací: 1.339.720.0
Verze modulu: 1.1.18100.6
Verze produktu: 4.18.2104.14

Date: 2021-05-15 09:56:54
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\rundll32.exe možnost upravit %userprofile%\Favorites.
Čas detekce: 2021-05-15T07:56:54.802Z
Uživatel: DESKTOP-4572A6I\ctelu
Cesta: %userprofile%\Favorites
Název procesu: C:\Windows\System32\rundll32.exe
Verze bezpečnostních informací: 1.339.720.0
Verze modulu: 1.1.18100.6
Verze produktu: 4.18.2104.14

Date: 2021-05-15 09:56:54
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\rundll32.exe možnost upravit %userprofile%\Favorites.
Čas detekce: 2021-05-15T07:56:54.802Z
Uživatel: DESKTOP-4572A6I\ctelu
Cesta: %userprofile%\Favorites
Název procesu: C:\Windows\System32\rundll32.exe
Verze bezpečnostních informací: 1.339.720.0
Verze modulu: 1.1.18100.6
Verze produktu: 4.18.2104.14

Date: 2021-05-15 09:41:05
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\rundll32.exe možnost upravit %userprofile%\Favorites.
Čas detekce: 2021-05-15T07:41:05.206Z
Uživatel: DESKTOP-4572A6I\ctelu
Cesta: %userprofile%\Favorites
Název procesu: C:\Windows\System32\rundll32.exe
Verze bezpečnostních informací: 1.339.720.0
Verze modulu: 1.1.18100.6
Verze produktu: 4.18.2104.14

Date: 2021-05-06 08:11:51
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.337.679.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

Date: 2021-05-06 08:11:49
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.339.42.0
Předchozí verze bezpečnostních informací: 1.337.679.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-05-06 08:11:49
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.339.42.0
Předchozí verze bezpečnostních informací: 1.337.679.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-05-06 08:11:49
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18100.5
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

CodeIntegrity:
===============
Date: 2021-03-20 19:04:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-03-17 20:54:44
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F7 07/09/2014
Motherboard: Gigabyte Technology Co., Ltd. F2A88XM-HD3
Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 7356.11 MB
Available physical RAM: 4299.75 MB
Total Virtual: 14780.11 MB
Available Virtual: 11829.06 MB

==================== Drives ================================

Drive c: (Disk "C") (Fixed) (Total:232.25 GB) (Free:195.83 GB) NTFS
Drive d: (Disk "D") (Fixed) (Total:298.09 GB) (Free:217.9 GB) NTFS

\\?\Volume{a94fff92-00a1-4177-b841-83874935ebe8}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{212a0347-ec9a-46f3-82d1-13718bd0d6c8}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 413FC4E6)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 46606EA6)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC check after a virus

#10 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {7346ab48-3f05-11eb-89b2-74d435902f3c} - "F:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {7346ab60-3f05-11eb-89b2-74d435902f3c} - "F:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {74111c1c-5e77-11eb-8a4c-74d435902f3c} - "E:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {74112377-5e77-11eb-8a4c-74d435902f3c} - "E:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {884b219b-5e63-11eb-8a4b-74d435902f3c} - "E:\autorun.exe"
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
C:\DumpStack.log.tmp
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [101]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

EmptyTemp:
End
Save it to D:\Stazene soubory\viry00 as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

JiJi
Visitor
Posts: 26
Registered: 16 Dec 2005 16:41
Location: Olomouc, ČR

Re: PC check after a virus

#11 Post by JiJi »

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by ctelu (15-05-2021 15:57:40) Run:1
Running from D:\Stazene soubory\viry00
Loaded Profiles: ctelu
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {7346ab48-3f05-11eb-89b2-74d435902f3c} - "F:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {7346ab60-3f05-11eb-89b2-74d435902f3c} - "F:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {74111c1c-5e77-11eb-8a4c-74d435902f3c} - "E:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {74112377-5e77-11eb-8a4c-74d435902f3c} - "E:\autorun.exe"
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\...\MountPoints2: {884b219b-5e63-11eb-8a4b-74d435902f3c} - "E:\autorun.exe"
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
C:\DumpStack.log.tmp
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [101]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7346ab48-3f05-11eb-89b2-74d435902f3c} => removed successfully
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7346ab60-3f05-11eb-89b2-74d435902f3c} => removed successfully
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74111c1c-5e77-11eb-8a4c-74d435902f3c} => removed successfully
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74112377-5e77-11eb-8a4c-74d435902f3c} => removed successfully
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{884b219b-5e63-11eb-8a4b-74d435902f3c} => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-3984166785-435578412-2767841028-1001\SOFTWARE\Policies\Google => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnLockerMenu => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\UnLockerMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UnLockerMenu => removed successfully
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6426308 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 46016 B
Edge => 4096 B
Firefox => 19560031 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 6656 B
NetworkService => 24493604 B
ctelu => 34047052 B

RecycleBin => 4598784 B
EmptyTemp: => 94.9 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-05-2021 16:02:30)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 16:02:30 ====

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC check after a virus

#12 Post by Rudy »

Deleted. The log should be OK now.

JiJi
Visitor
Posts: 26
Registered: 16 Dec 2005 16:41
Location: Olomouc, ČR

Re: PC check after a virus

#13 Post by JiJi »

If that is everything, then thank you.
JiJi

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC check after a virus

#14 Post by Rudy »

That is everything from my side. You're welcome! :)