maličko pomalejší PC

Zpráva

tamatun · #1 Příspěvek od **tamatun** » 25 bře 2019 18:18

prosím o preventivní kontrolu

Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2019-03-25 18:14:47
Microsoft Windows 10 Home
System drive C: has 208 GB (35%) free of 592 GB
Total RAM: 3948 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:15:04, on 25.3.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKCU\..\Run: [Google Update] C:\Users\admin\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinit.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.121\elevation_service.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 12257 bytes

======Listing Processes======

c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem

c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
C:\WINDOWS\system32\svchost.exe -k LocalService -p
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection

C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
dashost.exe {93ed58cc-2c9b-4334-8b925f4b3db73c5c}
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe"
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
C:\Windows\system32\HPSIsvc.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
"C:\Program Files\Elantech\ETDService.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
C:\Windows\system32\CxAudMsg64.exe
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv

C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe"

"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\rempl\sedsvc.exe"

c:\windows\system32\svchost.exe -k netsvcs -p
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc

c:\windows\system32\svchost.exe -k netsvcs -p -s BITS

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"fontdrvhost.exe"
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k netsvcs -p
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
"C:\Program Files\rempl\sedlauncher.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files\Elantech\ETDCtrl.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s camsvc
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\WINDOWS\system32\browser_broker.exe -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" XGpuTrayIcon"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"ctfmon.exe"
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe"
"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
AvastUI.exe /nogui
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe"
"C:\WINDOWS\system32\igfxext.exe" -Embedding
"C:\WINDOWS\system32\igfxsrvc.exe" -Embedding
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s DoSvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=72.0.3626.121 --initial-client-data=0x1e4,0x1e8,0x1ec,0x1e0,0x1f0,0x7fff9d225510,0x7fff9d225520,0x7fff9d225530
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=11296 --on-initialized-event-handle=688 --parent-handle=696 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1728,1839890224131193384,317803183156143575,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12988110831457014035 --mojo-platform-channel-handle=1740 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1728,1839890224131193384,317803183156143575,131072 --lang=cs --service-sandbox-type=network --service-request-channel-token=3791621195675660448 --mojo-platform-channel-handle=2060 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,1839890224131193384,317803183156143575,131072 --service-pipe-token=4861257087376608264 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4861257087376608264 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,1839890224131193384,317803183156143575,131072 --service-pipe-token=4630255280517880623 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4630255280517880623 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,1839890224131193384,317803183156143575,131072 --service-pipe-token=12926477753831962921 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12926477753831962921 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,1839890224131193384,317803183156143575,131072 --service-pipe-token=10379602391039413540 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10379602391039413540 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,1839890224131193384,317803183156143575,131072 --service-pipe-token=18135156414951502396 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18135156414951502396 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,1839890224131193384,317803183156143575,131072 --service-pipe-token=14685940085602128826 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14685940085602128826 --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe27_ Global\UsGthrCtrlFltPipeMssGthrPipe27 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 760 764 772 8192 768
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\WINDOWS\system32\AUDIODG.EXE 0x5e4
c:\windows\system32\svchost.exe -k bcastdvruserservice -s BcastDVRUserService
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,1839890224131193384,317803183156143575,131072 --service-pipe-token=10883496755750230401 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10883496755750230401 --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,1839890224131193384,317803183156143575,131072 --service-pipe-token=17558962920652594627 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17558962920652594627 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
"C:\Users\admin\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001Core.job - C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001UA.job - C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8fvypf6x.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/?utm_source=ch-to ... paign=home"
prefs.js - "keyword.URL" - "https://www.google.com/search?q={searchTerms}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.156 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.156 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8fvypf6x.default\extensions\
toolbar@centrumholdings.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-04-04 43520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2015-10-07 3242696]
"Power Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2011-03-28 499304]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-10-17 242392]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2017-03-09 193112]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2017-03-09 420960]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2017-03-09 463960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\admin\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [2018-12-20 605992]
"OneDrive"=C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-06-21 1628840]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-04-02 340848]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2011-03-29 408432]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2011-03-29 202608]
"BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]
"ArcadeMovieService"=C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-05-10 177448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2017-03-09 460936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-03-25 18:14:47 ----D---- C:\rsit
2019-03-13 14:03:43 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2019-03-13 14:03:43 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2019-03-13 14:03:42 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2019-03-13 14:03:42 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-13 14:03:41 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2019-03-13 14:03:40 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2019-03-13 14:03:40 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2019-03-13 14:03:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-13 14:03:39 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2019-03-13 14:03:38 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2019-03-13 14:03:37 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2019-03-13 14:03:36 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2019-03-13 14:03:36 ----A---- C:\WINDOWS\system32\ResetEngine.dll
2019-03-13 14:03:36 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-13 14:03:35 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2019-03-13 14:03:35 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2019-03-13 14:03:35 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2019-03-13 14:03:35 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2019-03-13 14:03:35 ----A---- C:\WINDOWS\system32\drivers\refsv1.sys
2019-03-13 14:03:35 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2019-03-13 14:03:34 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2019-03-13 14:03:33 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2019-03-13 14:03:33 ----A---- C:\WINDOWS\system32\audiosrv.dll
2019-03-13 14:03:33 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-13 14:03:32 ----A---- C:\WINDOWS\system32\OpcServices.dll
2019-03-13 14:03:31 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2019-03-13 14:03:31 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-13 14:03:31 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2019-03-13 14:03:30 ----A---- C:\WINDOWS\system32\urlmon.dll
2019-03-13 14:03:30 ----A---- C:\WINDOWS\system32\drivers\refs.sys
2019-03-13 14:03:30 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2019-03-13 14:03:29 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2019-03-13 14:03:29 ----A---- C:\WINDOWS\system32\jscript9.dll
2019-03-13 14:03:29 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2019-03-13 14:03:28 ----A---- C:\WINDOWS\SYSWOW64\propsys.dll
2019-03-13 14:03:28 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2019-03-13 14:03:28 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2019-03-13 14:03:28 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2019-03-13 14:03:28 ----A---- C:\WINDOWS\system32\vbscript.dll
2019-03-13 14:03:28 ----A---- C:\WINDOWS\system32\hvax64.exe
2019-03-13 14:03:27 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2019-03-13 14:03:27 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2019-03-13 14:03:27 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-13 14:03:27 ----A---- C:\WINDOWS\system32\audiodg.exe
2019-03-13 14:03:26 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2019-03-13 14:03:26 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2019-03-13 14:03:26 ----A---- C:\WINDOWS\system32\msxml3.dll
2019-03-13 14:03:26 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2019-03-13 14:03:26 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-13 14:03:25 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2019-03-13 14:03:25 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2019-03-13 14:03:25 ----A---- C:\WINDOWS\system32\win32kfull.sys
2019-03-13 14:03:25 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2019-03-13 14:03:24 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2019-03-13 14:03:24 ----A---- C:\WINDOWS\system32\ieframe.dll
2019-03-13 14:03:23 ----A---- C:\WINDOWS\system32\jscript.dll
2019-03-13 14:03:23 ----A---- C:\WINDOWS\system32\Chakra.dll
2019-03-13 14:03:22 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2019-03-13 14:03:22 ----A---- C:\WINDOWS\system32\hvix64.exe
2019-03-13 14:03:21 ----A---- C:\WINDOWS\system32\propsys.dll
2019-03-13 14:03:21 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2019-03-13 14:03:21 ----A---- C:\WINDOWS\system32\combase.dll
2019-03-13 14:03:21 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-13 14:03:20 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-13 14:03:20 ----A---- C:\WINDOWS\system32\drivers\http.sys
2019-03-13 14:03:20 ----A---- C:\WINDOWS\system32\AudioSes.dll
2019-03-13 14:03:19 ----A---- C:\WINDOWS\system32\win32kbase.sys
2019-03-13 14:03:19 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2019-03-13 14:03:18 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-13 14:03:18 ----A---- C:\WINDOWS\system32\msxml6.dll
2019-03-13 14:03:18 ----A---- C:\WINDOWS\system32\msi.dll
2019-03-13 14:03:17 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2019-03-13 14:03:17 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-13 14:03:16 ----A---- C:\WINDOWS\system32\wininet.dll
2019-03-13 14:03:16 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2019-03-13 14:03:16 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2019-03-13 14:03:15 ----A---- C:\WINDOWS\system32\iertutil.dll
2019-03-13 14:03:15 ----A---- C:\WINDOWS\system32\edgeIso.dll
2019-03-13 14:03:14 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-13 14:03:14 ----A---- C:\WINDOWS\system32\mshtml.dll
2019-03-13 14:03:11 ----A---- C:\WINDOWS\system32\msvproc.dll
2019-03-13 14:03:11 ----A---- C:\WINDOWS\system32\edgehtml.dll
2019-03-13 14:03:10 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2019-03-13 14:03:10 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-13 14:03:09 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2019-03-13 14:03:08 ----A---- C:\WINDOWS\system32\HologramCompositor.dll
2019-03-13 14:03:07 ----A---- C:\WINDOWS\system32\Hydrogen.dll
2019-03-13 14:02:53 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2019-03-13 14:02:53 ----A---- C:\WINDOWS\system32\cdp.dll
2019-03-13 14:02:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-13 14:02:51 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2019-03-13 14:02:51 ----A---- C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-13 14:02:51 ----A---- C:\WINDOWS\system32\AudioEng.dll
2019-03-13 14:02:50 ----A---- C:\WINDOWS\system32\winresume.exe
2019-03-13 14:02:50 ----A---- C:\WINDOWS\system32\winload.exe
2019-03-13 14:02:50 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-13 14:02:50 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2019-03-13 14:02:50 ----A---- C:\WINDOWS\system32\reseteng.dll
2019-03-13 14:02:50 ----A---- C:\WINDOWS\system32\hvloader.dll
2019-03-13 14:02:49 ----A---- C:\WINDOWS\system32\StartTileData.dll
2019-03-13 14:02:49 ----A---- C:\WINDOWS\system32\sppobjs.dll
2019-03-13 14:02:48 ----A---- C:\WINDOWS\system32\wimserv.exe
2019-03-13 14:02:48 ----A---- C:\WINDOWS\system32\wimgapi.dll
2019-03-13 14:02:48 ----A---- C:\WINDOWS\system32\wer.dll
2019-03-13 14:02:48 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-13 14:02:48 ----A---- C:\WINDOWS\system32\ReAgent.dll
2019-03-13 14:02:48 ----A---- C:\WINDOWS\system32\rasmans.dll
2019-03-13 14:02:48 ----A---- C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-13 14:02:48 ----A---- C:\WINDOWS\system32\ActivationManager.dll
2019-03-13 14:02:47 ----A---- C:\WINDOWS\SYSWOW64\wimgapi.dll
2019-03-13 14:02:47 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2019-03-13 14:02:47 ----A---- C:\WINDOWS\SYSWOW64\ReAgent.dll
2019-03-13 14:02:47 ----A---- C:\WINDOWS\system32\mos.dll
2019-03-13 14:02:46 ----A---- C:\WINDOWS\SYSWOW64\ActivationManager.dll
2019-03-13 14:02:46 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-13 14:02:46 ----A---- C:\WINDOWS\system32\appraiser.dll
2019-03-13 14:02:46 ----A---- C:\WINDOWS\system32\acmigration.dll
2019-03-13 14:02:45 ----A---- C:\WINDOWS\system32\rascustom.dll
2019-03-13 14:02:45 ----A---- C:\WINDOWS\system32\dcntel.dll
2019-03-13 14:02:45 ----A---- C:\WINDOWS\system32\BingMaps.dll
2019-03-13 14:02:45 ----A---- C:\WINDOWS\system32\aepic.dll
2019-03-13 14:02:45 ----A---- C:\WINDOWS\system32\aeinv.dll
2019-03-13 14:02:44 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2019-03-13 14:02:44 ----A---- C:\WINDOWS\system32\generaltel.dll
2019-03-13 14:02:44 ----A---- C:\WINDOWS\system32\fcon.dll
2019-03-13 14:02:44 ----A---- C:\WINDOWS\system32\drivers\srvnet.sys
2019-03-13 14:02:44 ----A---- C:\WINDOWS\system32\dosvc.dll
2019-03-13 14:02:43 ----A---- C:\WINDOWS\system32\systemreset.exe
2019-03-13 14:02:43 ----A---- C:\WINDOWS\system32\aitstatic.exe
2019-03-13 14:02:42 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2019-03-13 14:02:42 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2019-03-13 14:02:42 ----A---- C:\WINDOWS\system32\WerFault.exe
2019-03-13 14:02:42 ----A---- C:\WINDOWS\system32\ucrtbase.dll
2019-03-13 14:02:42 ----A---- C:\WINDOWS\system32\msctf.dll
2019-03-13 14:02:42 ----A---- C:\WINDOWS\system32\lpasvc.dll
2019-03-13 14:02:42 ----A---- C:\WINDOWS\system32\devinv.dll
2019-03-13 14:02:42 ----A---- C:\WINDOWS\system32\cdprt.dll
2019-03-13 14:02:41 ----A---- C:\WINDOWS\SYSWOW64\WerFault.exe
2019-03-13 14:02:41 ----A---- C:\WINDOWS\SYSWOW64\ucrtbase.dll
2019-03-13 14:02:41 ----A---- C:\WINDOWS\system32\wsp_health.dll
2019-03-13 14:02:41 ----A---- C:\WINDOWS\system32\wsp_fs.dll
2019-03-13 14:02:41 ----A---- C:\WINDOWS\system32\invagent.dll
2019-03-13 14:02:41 ----A---- C:\WINDOWS\system32\gpsvc.dll
2019-03-13 14:02:41 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-13 14:02:41 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-13 14:02:40 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2019-03-13 14:02:40 ----A---- C:\WINDOWS\system32\MapRouter.dll
2019-03-13 14:02:40 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2019-03-13 14:02:39 ----A---- C:\WINDOWS\system32\wlansvc.dll
2019-03-13 14:02:39 ----A---- C:\WINDOWS\system32\localspl.dll
2019-03-13 14:02:39 ----A---- C:\WINDOWS\system32\dpx.dll
2019-03-13 14:02:38 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2019-03-13 14:02:38 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-13 14:02:38 ----A---- C:\WINDOWS\system32\NMAA.dll
2019-03-13 14:02:38 ----A---- C:\WINDOWS\system32\kernel32.dll
2019-03-13 14:02:38 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2019-03-13 14:02:37 ----A---- C:\WINDOWS\SYSWOW64\msrd2x40.dll
2019-03-13 14:02:37 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2019-03-13 14:02:37 ----A---- C:\WINDOWS\SYSWOW64\dpx.dll
2019-03-13 14:02:37 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-13 14:02:37 ----A---- C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-13 14:02:37 ----A---- C:\WINDOWS\system32\policymanager.dll
2019-03-13 14:02:37 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-13 14:02:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2019-03-13 14:02:36 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2019-03-13 14:02:36 ----A---- C:\WINDOWS\system32\resutils.dll
2019-03-13 14:02:36 ----A---- C:\WINDOWS\system32\MapsStore.dll
2019-03-13 14:02:36 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2019-03-13 14:02:36 ----A---- C:\WINDOWS\system32\AppResolver.dll
2019-03-13 14:02:35 ----A---- C:\WINDOWS\SYSWOW64\wsp_health.dll
2019-03-13 14:02:35 ----A---- C:\WINDOWS\SYSWOW64\wsp_fs.dll
2019-03-13 14:02:35 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2019-03-13 14:02:35 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2019-03-13 14:02:35 ----A---- C:\WINDOWS\system32\clusapi.dll
2019-03-13 14:02:34 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2019-03-13 14:02:34 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2019-03-13 14:02:34 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2019-03-13 14:02:34 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll
2019-03-13 14:02:34 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2019-03-13 14:02:34 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-13 14:02:34 ----A---- C:\WINDOWS\system32\RTWorkQ.dll
2019-03-13 14:02:34 ----A---- C:\WINDOWS\system32\pcasvc.dll
2019-03-13 14:02:34 ----A---- C:\WINDOWS\system32\msvcp_win.dll
2019-03-13 14:02:34 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2019-03-13 14:02:34 ----A---- C:\WINDOWS\system32\drivers\fastfat.sys
2019-03-13 14:02:34 ----A---- C:\WINDOWS\system32\domgmt.dll
2019-03-13 14:02:33 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2019-03-13 14:02:33 ----A---- C:\WINDOWS\system32\mprddm.dll
2019-03-13 14:02:32 ----A---- C:\WINDOWS\system32\msv1_0.dll
2019-03-13 14:02:31 ----A---- C:\WINDOWS\SYSWOW64\RTWorkQ.dll
2019-03-13 14:02:31 ----A---- C:\WINDOWS\SYSWOW64\resutils.dll
2019-03-13 14:02:31 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2019-03-13 14:02:31 ----A---- C:\WINDOWS\SYSWOW64\msvcp_win.dll
2019-03-13 14:02:31 ----A---- C:\WINDOWS\system32\taskhostw.exe
2019-03-13 14:02:31 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2019-03-13 14:02:31 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2019-03-13 14:02:31 ----A---- C:\WINDOWS\system32\hal.dll
2019-03-13 14:02:31 ----A---- C:\WINDOWS\system32\drivers\exfat.sys
2019-03-13 14:02:31 ----A---- C:\WINDOWS\system32\drivers\bridge.sys
2019-03-13 14:02:31 ----A---- C:\WINDOWS\system32\AcLayers.dll
2019-03-13 14:02:30 ----A---- C:\WINDOWS\SYSWOW64\mprddm.dll
2019-03-13 14:02:30 ----A---- C:\WINDOWS\SYSWOW64\mf3216.dll
2019-03-13 14:02:30 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2019-03-13 14:02:30 ----A---- C:\WINDOWS\SYSWOW64\dhcpcore6.dll
2019-03-13 14:02:30 ----A---- C:\WINDOWS\system32\werui.dll
2019-03-13 14:02:30 ----A---- C:\WINDOWS\system32\mf3216.dll
2019-03-13 14:02:30 ----A---- C:\WINDOWS\system32\drivers\npfs.sys
2019-03-13 14:02:30 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2019-03-13 14:02:29 ----A---- C:\WINDOWS\SYSWOW64\WerFaultSecure.exe
2019-03-13 14:02:29 ----A---- C:\WINDOWS\SYSWOW64\dhcpcore.dll
2019-03-13 14:02:29 ----A---- C:\WINDOWS\SYSWOW64\clusapi.dll
2019-03-13 14:02:29 ----A---- C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-13 14:02:29 ----A---- C:\WINDOWS\system32\weretw.dll
2019-03-13 14:02:29 ----A---- C:\WINDOWS\system32\Faultrep.dll
2019-03-13 14:02:29 ----A---- C:\WINDOWS\system32\drivers\appid.sys
2019-03-13 14:02:29 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2019-03-13 14:02:29 ----A---- C:\WINDOWS\system32\dhcpcore6.dll
2019-03-13 14:02:29 ----A---- C:\WINDOWS\system32\dhcpcore.dll
2019-03-13 14:02:29 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2019-03-13 14:02:28 ----A---- C:\WINDOWS\SYSWOW64\cdprt.dll
2019-03-13 14:02:28 ----A---- C:\WINDOWS\SYSWOW64\AcLayers.dll
2019-03-13 14:02:28 ----A---- C:\WINDOWS\system32\moshostcore.dll
2019-03-13 14:02:27 ----A---- C:\WINDOWS\SYSWOW64\werui.dll
2019-03-13 14:02:27 ----A---- C:\WINDOWS\SYSWOW64\srpapi.dll
2019-03-13 14:02:27 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2019-03-13 14:02:27 ----A---- C:\WINDOWS\SYSWOW64\CredentialMigrationHandler.dll
2019-03-13 14:02:27 ----A---- C:\WINDOWS\system32\srpapi.dll
2019-03-13 14:02:27 ----A---- C:\WINDOWS\system32\mcbuilder.exe
2019-03-13 14:02:27 ----A---- C:\WINDOWS\system32\drivers\udfs.sys
2019-03-13 14:02:27 ----A---- C:\WINDOWS\system32\drivers\srv.sys
2019-03-13 14:02:27 ----A---- C:\WINDOWS\system32\drivers\msfs.sys
2019-03-13 14:02:27 ----A---- C:\WINDOWS\system32\drivers\mrxsmb10.sys
2019-03-13 14:02:27 ----A---- C:\WINDOWS\system32\drivers\cdfs.sys
2019-03-13 14:02:27 ----A---- C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-13 14:02:26 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2019-03-13 14:02:26 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2019-03-13 14:02:26 ----A---- C:\WINDOWS\SYSWOW64\mcbuilder.exe
2019-03-13 14:02:26 ----A---- C:\WINDOWS\SYSWOW64\AppLockerCSP.dll
2019-03-13 14:02:26 ----A---- C:\WINDOWS\system32\tzres.dll
2019-03-13 14:02:26 ----A---- C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-13 14:02:26 ----A---- C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-13 14:02:26 ----A---- C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-13 14:02:26 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2019-03-13 14:02:26 ----A---- C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-13 14:02:26 ----A---- C:\WINDOWS\system32\AppLockerCSP.dll

======List of files/folders modified in the last 1 month======

2019-03-25 18:15:01 ----D---- C:\Program Files\trend micro
2019-03-25 18:13:34 ----D---- C:\WINDOWS\Prefetch
2019-03-25 18:11:13 ----HD---- C:\Program Files\WindowsApps
2019-03-25 18:11:07 ----D---- C:\WINDOWS\Temp
2019-03-25 17:57:04 ----D---- C:\WINDOWS\AppReadiness
2019-03-25 17:56:10 ----D---- C:\ProgramData\clear.fi
2019-03-25 17:55:25 ----D---- C:\WINDOWS\System32
2019-03-25 17:55:25 ----D---- C:\WINDOWS\INF
2019-03-25 17:55:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-25 17:52:06 ----D---- C:\WINDOWS\system32\sru
2019-03-22 07:28:40 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-03-21 18:09:25 ----D---- C:\WINDOWS\system32\SleepStudy
2019-03-21 17:33:31 ----SHD---- C:\System Volume Information
2019-03-21 17:33:02 ----D---- C:\WINDOWS\Logs
2019-03-21 17:26:30 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2019-03-21 17:22:10 ----D---- C:\ProgramData\NVIDIA
2019-03-21 16:26:28 ----RD---- C:\WINDOWS\Microsoft.NET
2019-03-21 15:51:50 ----AD---- C:\Program Files (x86)\TeamViewer
2019-03-21 15:45:47 ----D---- C:\WINDOWS\system32\LogFiles
2019-03-20 22:14:49 ----SHD---- C:\Config.Msi
2019-03-20 21:20:33 ----D---- C:\WINDOWS\system32\config
2019-03-20 08:31:48 ----SHD---- C:\WINDOWS\Installer
2019-03-20 08:31:44 ----AD---- C:\Program Files\rempl
2019-03-19 08:18:57 ----D---- C:\WINDOWS\WinSxS
2019-03-13 22:11:24 ----D---- C:\WINDOWS\system32\DriverStore
2019-03-13 22:10:46 ----D---- C:\WINDOWS\system32\drivers
2019-03-13 22:09:59 ----D---- C:\WINDOWS\system32\catroot2
2019-03-13 22:08:41 ----D---- C:\WINDOWS\TextInput
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\migration
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\en-US
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2019-03-13 22:08:41 ----D---- C:\WINDOWS\SysWOW64
2019-03-13 22:08:36 ----D---- C:\WINDOWS\system32\zu-ZA
2019-03-13 22:08:36 ----D---- C:\WINDOWS\system32\yo-NG
2019-03-13 22:08:36 ----D---- C:\WINDOWS\system32\xh-ZA
2019-03-13 22:08:36 ----D---- C:\WINDOWS\system32\wo-SN
2019-03-13 22:08:36 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2019-03-13 22:08:35 ----SD---- C:\WINDOWS\system32\UNP
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\tn-ZA
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\ti-ET
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\rw-RW
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\oobe
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\nso-ZA
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\migration
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\ig-NG
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2019-03-13 22:08:35 ----D---- C:\WINDOWS\system32\en-US
2019-03-13 22:08:34 ----D---- C:\WINDOWS\system32\chr-CHER-US
2019-03-13 22:08:34 ----D---- C:\WINDOWS\system32\cs-CZ
2019-03-13 22:08:34 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2019-03-13 22:08:34 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2019-03-13 22:08:34 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2019-03-13 22:08:34 ----D---- C:\WINDOWS\system32\appraiser
2019-03-13 22:08:33 ----D---- C:\WINDOWS\ShellExperiences
2019-03-13 22:08:32 ----RSD---- C:\WINDOWS\Fonts
2019-03-13 22:08:32 ----RD---- C:\Program Files\Windows Defender
2019-03-13 22:08:32 ----D---- C:\WINDOWS\bcastdvr
2019-03-13 22:08:32 ----D---- C:\WINDOWS\apppatch
2019-03-13 22:08:32 ----D---- C:\Program Files (x86)\Windows Defender
2019-03-13 22:08:30 ----D---- C:\WINDOWS\system32\Boot
2019-03-13 14:13:17 ----D---- C:\WINDOWS\CbsTemp
2019-03-13 14:01:48 ----D---- C:\WINDOWS\system32\MRT
2019-03-13 13:55:26 ----AC---- C:\WINDOWS\system32\MRT.exe
2019-03-13 13:19:57 ----D---- C:\WINDOWS\system32\Macromed
2019-03-13 13:19:54 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2019-03-13 13:19:52 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerInstaller.exe
2019-03-06 22:02:01 ----RD---- C:\WINDOWS\assembly
2019-03-04 22:48:06 ----AD---- C:\Program Files (x86)\WinRAR
2019-03-03 17:54:40 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [2018-10-17 201928]
R0 aswblog;aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [2018-10-17 346760]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [2018-10-17 59664]
R0 aswElam;aswElam; C:\WINDOWS\system32\drivers\aswElam.sys [2018-10-17 15360]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2018-10-17 88112]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2018-10-17 381144]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 nvpciflt;nvpciflt; C:\WINDOWS\system32\DRIVERS\nvpciflt.sys [2017-01-17 48696]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2018-10-17 201408]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [2018-10-17 230512]
R1 aswHdsKe;aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [2018-10-17 185240]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2018-10-17 42456]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2018-10-17 111968]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2018-10-17 1028840]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2018-10-17 467904]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R1 mwlPSDFilter;mwlPSDFilter; C:\WINDOWS\system32\DRIVERS\mwlPSDFilter.sys [2011-08-05 22648]
R1 mwlPSDNServ;mwlPSDNServ; C:\WINDOWS\system32\DRIVERS\mwlPSDNServ.sys [2011-08-05 20520]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\WINDOWS\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-05 62776]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2018-10-17 163376]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2018-10-17 208640]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-09-20 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R3 athr;@netathrx.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athwnx.sys [2018-04-12 4233728]
R3 BTATH_BUS;@oem40.inf,%BTATH_BUS.SVCDESC%;Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2011-08-02 30368]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 ETD;@oem13.inf,%PS2.DeviceDesc%;ELAN Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2015-10-07 525512]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2017-03-09 5382856]
R3 IntcDAud;@oem34.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\System32\drivers\L1C63x64.sys [2018-04-12 121344]
R3 MEIx64;@oem42.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface; C:\WINDOWS\System32\drivers\HECIx64.sys [2010-10-20 56344]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvlddmkm.sys [2017-01-17 14190520]
R3 RSPCIESTOR;@oem69.inf,%Rts5208%;Realtek PCIE CardReader Driver; C:\WINDOWS\system32\DRIVERS\RtsPStor.sys [2015-06-03 374016]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-09-20 128920]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 aswHwid;aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [2018-10-17 47064]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-01-09 92704]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;@oem14.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2017-05-18 131984]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-03-06 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 mvusbews;@oem63.inf,%mvusbews.SvcDesc%;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2009-12-04 20480]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-03-06 945464]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-10-17 325024]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CDPUserSvc_83a735;Uživatelská služba platformy připojených zařízení_83a735; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CxAudMsg;Conexant Audio Message Service; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-03-28 799848]
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2015-10-07 144072]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2009-12-03 126520]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-29 458176]
R2 OneSyncSvc_83a735;Hostitel synchronizace_83a735; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 osrss;@%systemroot%\system32\osrss.dll,-500; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-09-20 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2019-03-16 325432]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-10-17 8188768]
R3 BcastDVRUserService_83a735;Uživatelská služba pro GameDVR a vysílání her_83a735; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 PimIndexMaintenanceSvc_83a735;Data kontaktů_83a735; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-03-16 113704]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-09 164984]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-03-13 335872]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-09 164984]
S3 AvastSecureBrowserElevationService;Avast Secure Browser Elevation Service; C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.121\elevation_service.exe [2019-03-06 1070600]
S3 AvastWscReporter;AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [2018-10-17 57504]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService_83a735;Služba pro podporu uživatelů Bluetooth_83a735; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2017-03-09 300128]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicePickerUserSvc_83a735;DevicePicker_83a735; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc_83a735;Tok zařízení_83a735; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-09-20 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-08-25 655624]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-02-14 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\elevation_service.exe [2019-03-01 1271280]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService_83a735;Služba zasílání zpráv_83a735; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-31 148080]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2008-10-24 145248]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc_83a735;PrintWorkflow_83a735; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]

-----------------EOF-----------------

#2 Příspěvek od **Conder** » 25 bře 2019 20:51

Ahoj

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

Uloz na plochu a ukonci vsetky programy
Spusti AdwCleaner ako spravca
Odsuhlas licencne podmienky
Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
Nechaj zaskrtnute vsetky nalezy
Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
Otvori sa log, jeho obsah sem skopiruj

tamatun · #3 Příspěvek od **tamatun** » 25 bře 2019 21:24

nic to nenašlo

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-25.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-25-2019
# Duration: 00:00:26
# OS: Windows 10 Home
# Scanned: 31949
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

#4 Příspěvek od **Conder** » 25 bře 2019 22:10

Poprosim o obidva logy z FRST (FRST.txt a Addition.txt) podla tohto navodu: https://forum.viry.cz/viewtopic.php?f=13&t=154679

Dalsi postup bude asi az zajtra.

tamatun · #5 Příspěvek od **tamatun** » 25 bře 2019 22:22

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by admin (25-03-2019 22:18:04)
Running from C:\Users\admin\Desktop
Windows 10 Home Version 1803 17134.648 (X64) (2018-09-20 21:09:01)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-392161629-819489254-3805429688-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-392161629-819489254-3805429688-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-392161629-819489254-3805429688-503 - Limited - Disabled)
Guest (S-1-5-21-392161629-819489254-3805429688-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-392161629-819489254-3805429688-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-392161629-819489254-3805429688-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.01.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0630.2011 - Acer Incorporated)
Acer USB Charge Manager (HKLM-x32\...\{F53A49E6-9FB1-4A5A-B1D9-82BA116196B7}) (Version: 1.00.3001 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (HKLM-x32\...\WTA-55cec7b0-31c5-420f-bd14-ca1da64bf635) (Version: 2.2.0.98 - WildTangent) Hidden
Altus Vario 12.0 (HKLM-x32\...\Altus Vario 12.0) (Version: - Altus software s.r.o.)
Apowersoft Online Launcher verze 1.7.0 (HKU\S-1-5-21-392161629-819489254-3805429688-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.0 - APOWERSOFT LIMITED)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 72.0.1174.121 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Backup Manager V3 (HKLM-x32\...\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-2eaea05d-9e31-412c-9e09-06ef4e57e436) (Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.90 - Atheros Communications)
clear.fi (HKLM-x32\...\{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}) (Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.00 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.7709 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.00 - CyberLink Corp.)
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Crazy Chicken Kart 2 (HKLM-x32\...\WTA-575e5e71-322c-42f6-8aa8-ed36f40b0613) (Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FATE (HKLM-x32\...\WTA-724a7787-af4b-43de-92ae-6524d43bb9bc) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (HKLM-x32\...\WTA-715a0467-7240-48b2-9e73-727544012753) (Version: 2.2.0.95 - WildTangent) Hidden
FORM studio (HKLM-x32\...\FSCZ_is1) (Version: - KASTNER software s.r.o.)
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (HKLM-x32\...\{4736B0ED-F6A1-48EC-A1B7-C053027648F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (HKLM-x32\...\{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (HKLM-x32\...\{CB66242D-12B1-4494-82D2-6F53A7E024A3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
ChromecastApp (HKU\S-1-5-21-392161629-819489254-3805429688-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Chuzzle Deluxe (HKLM-x32\...\WTA-3429378f-04e2-4898-b491-dae8b027e5da) (Version: 2.2.0.95 - WildTangent) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (HKLM-x32\...\WTA-171873b4-4cf8-42e9-85fe-84c5da1cd620) (Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-dc61aa40-b965-4be5-ad08-365974171774) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (HKLM-x32\...\WTA-0c8aaad4-f464-4b63-964e-dec28f137a7a) (Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-6e45c75d-1a3a-402b-b3bf-f3f7fb09ccb7) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access Runtime (Czech) 2007 (HKLM-x32\...\{90120000-001C-0405-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-392161629-819489254-3805429688-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 cs)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-bcbac6fe-ee09-4c1e-a4a0-eb143b762116) (Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
newsXpresso (HKLM-x32\...\{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
NTI Media Maker 9 (HKLM-x32\...\{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Online Video Converter version 1.1.0 (HKU\S-1-5-21-392161629-819489254-3805429688-1001\...\{628BF902-EB66-4BDB-97CB-AE4AAAAA5A7F}_is1) (Version: 1.1.0 - APOWERSOFT LIMITED)
Ovládací panel NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.3 - Frank Heindörfer, Philip Chinery)
PDFTiger (HKLM-x32\...\PDFTiger_is1) (Version: - )
PDFTiger Kernel (HKLM-x32\...\{DE252510-5687-4C60-A705-C43E19F12C9D}_is1) (Version: - )
PDFTigerDriver (HKLM-x32\...\{AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1) (Version: - )
Penguins! (HKLM-x32\...\WTA-9e13650c-9b79-4982-a407-50ebc229af8c) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-cb95fbf2-5714-4709-ab8a-e887efc2d851) (Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (HKLM-x32\...\{64376910-1860-4CEF-8B34-AA5D205FC5F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\{7A9D47BA-6D50-4087-866F-0800D8B89383}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (HKLM-x32\...\WTA-0b7724cd-f782-4173-9137-e58895dcdd43) (Version: 2.2.0.97 - WildTangent) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Pošta Windows Live (HKLM-x32\...\{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 1.0.1 - HP)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Slingo Deluxe (HKLM-x32\...\WTA-e11e5866-0656-406f-840e-77d209a0b9b2) (Version: 2.2.0.95 - WildTangent) Hidden
Software602 Form Filler (HKLM-x32\...\{72882900-0AB6-458C-8C36-6AB6FA5CB978}) (Version: 4.50 - Software602 a.s.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.93450 - TeamViewer)
Torchlight (HKLM-x32\...\WTA-0452893e-852f-4346-98c4-aee6ee26b5a8) (Version: 2.2.0.97 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-b282becf-cb37-4218-9033-05d20349c98b) (Version: 2.2.0.97 - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wedding Dash (HKLM-x32\...\WTA-409978eb-274d-4ab4-9c83-ed810a484976) (Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Zuma Deluxe (HKLM-x32\...\WTA-54e4d8ac-ae43-4ddd-ae27-dee9f8abfab6) (Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (HKLM-x32\...\{C00C2A91-6CB3-483F-80B3-2958E29468F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (HKLM-x32\...\{E83DC314-C926-4214-AD58-147691D6FE9F}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (HKLM-x32\...\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}) (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (HKLM-x32\...\{77F69CA1-E53D-4D77-8BA3-FA07606CC851}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (HKLM-x32\...\{4444F27C-B1A8-464E-9486-4C37BAB39A09}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (HKLM-x32\...\{CE929F09-3853-4180-BD90-30764BFF7136}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (HKLM-x32\...\{0A4C4B29-5A9D-4910-A13C-B920D5758744}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (HKLM-x32\...\{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\18.091.0506.0006\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MWLIVShellExt] -> {B1B294FE-EC1E-4fef-AF68-D34CE3E38157} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [2011-04-02] (EGIS TECHNOLOGY INC. -> Egis Technology Inc. )
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2011-03-29] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B1FC05E-ADFD-4CDE-8FED-148E99EA458A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0C8721CC-C5EF-40EB-B896-C1E7D9F5C5D9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001UA1d25870fe968896 => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0F7327EB-FB8C-4D9A-850E-D22B85DF5AA8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1675C949-52E6-443C-9C10-17E762B4720B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19A4801F-641F-4555-8FBA-209B1E8C8FA4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {1EF84A12-C54C-412A-A667-2D04B7C7ED1B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {202F5178-9444-44FE-8892-ECEEAF419C5B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {20ED57AD-DFBA-4742-8C07-AFE55D6E0833} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2BA3420C-F544-493C-8826-0DD69E620E46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A9D1F9C-F410-4860-99CD-736F822C6FEE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3D3884FA-8A44-4B75-8EAA-6B072BC707A1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {494F5370-F5EB-4411-A431-7CBF9D39AAC3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4BCE2EF2-273A-42CE-81DD-368DA38074D6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {514D03F9-1356-44C3-B498-7903D1C5E804} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {66A2D6E2-866B-4FF4-AE72-98C6AB96B591} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink -> CyberLink Corp.)
Task: {69D14A81-25B0-49B2-80B3-84BA814D7BBE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6F2DBCEF-7924-4CB9-8083-BA427317232D} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-392161629-819489254-3805429688-1001 => C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe () [File not signed]
Task: {7649F167-65CC-47AF-A28D-E92A3CD50029} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8035D069-115F-4012-AFA1-2B41DB2AC807} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {80E17F56-F73A-4D0A-9966-248473856791} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {81E762F9-BCFD-4804-853F-FB892B43965C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {87EAE57A-2270-4AE1-B7B5-546E8CB65E10} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {885CF75C-08D2-4F69-A00F-B3A1F88CF822} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8A8A6092-B88B-438E-88EE-FB3690EF1B4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8C49457C-21A7-49AB-B3F1-AFCDE87AC6C7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8E308F03-85C9-4125-A0BE-0C837B5FABF3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8F24D432-A6B7-4F04-B18B-AD98DE4FA8F6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {9486EA2B-AF98-4D9F-B1B8-4D9C15E50AD6} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {96F20E05-E532-464B-9C60-840D31EB173E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {A97841D0-94A2-44EA-B2F1-00D78EE62AA1} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe (CyberLink -> Acer Incorporated)
Task: {ABAC16DF-EEF2-4AE3-AB2E-8FC4D651B483} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AFB46155-E9FD-42E6-9A21-3410B4FD92D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B4F98294-7C7B-4E6F-A21C-73BA6CE9AA7B} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (CyberLink -> CyberLink)
Task: {B65FF723-62DB-4798-8B62-BE06A9EEFE19} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BCFC5F09-7C93-4DCE-970E-40D80530D990} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {BDD15393-9530-4B6B-903D-4FF7864FA23E} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {BF44BC53-E908-42D0-A159-A28246369E29} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {CB840800-5057-4812-ADC1-8CC43BBDD524} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001Core1d25870fe53c68c => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D1F15BBA-A865-4B5C-A500-A378FF4AFBF6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D8C0B231-44AA-47DE-8844-B231A2BE4FDC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {DF375BC1-A509-473F-B8FC-BF8A3A65F9BE} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {DF46A705-774C-4060-AB07-F67B328DFB4D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {E5964BB6-C64F-48C0-BEFF-372EF1361CBC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {F4EE0466-5025-497C-A2A1-114618411F04} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F9DB03F2-01B3-49F0-94B2-B153E7D78EEC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FA142EBB-DA40-4439-A480-E6F0660036D2} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {FD4FA759-448E-4772-9667-B2C430DFCAD7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2012-10-09 17:36 - 2012-06-30 07:46 - 000095744 _____ (pdfforge GbR) [File not signed] C:\WINDOWS\System32\pdfcmon.dll
2011-08-05 02:58 - 2010-12-27 09:30 - 001817088 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2009-01-22 00:45 - 2009-01-22 00:45 - 001401856 _____ () [File not signed] C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-08-05 02:58 - 2010-12-10 02:07 - 000120832 _____ (Realsil Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll
2011-08-05 03:07 - 2011-02-01 22:09 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2011-08-05 03:07 - 2011-02-01 22:13 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2018-09-20 21:43 - 2018-09-20 21:43 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2018-09-20 21:43 - 2018-09-20 21:43 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2011-05-10 02:41 - 2011-05-10 02:41 - 001060864 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Acer\clear.fi\Movie\MFC71.DLL
2011-05-10 02:41 - 2011-05-10 02:41 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Acer\clear.fi\Movie\MSVCR71.dll
2011-05-10 02:41 - 2011-05-10 02:41 - 000499712 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Acer\clear.fi\Movie\MSVCP71.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-02-11 14:05 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\EgisTec MyWinLocker\x64;C:\Program Files (x86)\EgisTec MyWinLocker\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-392161629-819489254-3805429688-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E9920DB5-0BE9-45B8-B8C1-7A600D388C7A}] => (Allow) C:\Users\admin\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{4D6BA28C-1649-40BF-B081-22D207C8CB2E}] => (Allow) C:\Users\admin\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{C728F1D6-8F70-4B9B-9357-AB3A82E92D90}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{174C85A5-4511-4F39-9BBB-573FA11339AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{AC8269E4-5F64-4541-A624-0AB8BB7433C6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EFAC9D12-71F4-4E41-A880-EAAA7B4D3423}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E58183FF-C795-41CD-9164-9BB3B25F01BB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0C6C844B-D00A-40BD-82E0-A1574D7C27D3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12ECE95B-DDE7-4BCA-B99D-836F83BE05B8}] => (Allow) LPort=2869
FirewallRules: [{223143CC-410C-45F1-8500-B90466A2D9C9}] => (Allow) LPort=1900
FirewallRules: [{E5F16643-4A1F-4F56-9B3C-4C5EAABFB568}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F32F997-DBFE-4199-A985-71D92BDF96F9}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\VC.exe (Acer Incorporated -> Acer Incoporated)
FirewallRules: [{F1A44D7C-BF3B-4FBF-9D7A-4DCB4677631A}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated -> Acer Incorporated)
FirewallRules: [{7A2D299C-BC81-4440-BFFC-871D8304E5E7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe (CyberLink -> Acer Incorporated)
FirewallRules: [{145F8528-0D17-4FB4-B838-B5EE2204DDA6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{AF6104DB-59B2-45D6-B7B9-0BFB663E70AB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{27C234D3-0BC4-4F68-8A2A-48DAC06D0349}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (CyberLink -> CyberLink)
FirewallRules: [{CD7A30FC-23A0-4A50-838C-BCD5ACFEE323}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (CyberLink -> CyberLink)
FirewallRules: [{87B3E629-D01D-49BD-9BC0-8DD10A836653}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (CyberLink -> CyberLink)
FirewallRules: [{70807441-A690-4CE0-8C62-8D27D1FAEB67}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EC51940A-D9E7-4A6C-B825-C63BEFF3EF75}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{F5E2CAE5-1A67-41AE-A7B0-6CEE654CC2CA}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{644F884E-1383-438E-B86C-0DDE40D81B46}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6CA2FFAB-CF10-4947-BFA5-27928EFA385D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FF2E5589-FBC3-48DA-907D-B5067F9F222F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{1E33BF25-F4F1-491A-8F35-A54F9036F10E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{C81C1EA1-4FC1-4B65-9580-6713033C408F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{33DB48BE-07D8-48F3-AFD6-61699EF7241A}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

04-03-2019 22:43:53 Windows Update
13-03-2019 13:54:09 Windows Update
20-03-2019 08:30:03 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2019 05:26:56 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: admin-PC)
Description: httphttp-2147467263

Error: (03/21/2019 04:21:40 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: admin-PC)
Description: httphttp-2147467263

Error: (03/21/2019 03:48:36 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: admin-PC)
Description: httphttp-2147467263

Error: (03/20/2019 10:13:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WpnUserService, verze: 10.0.17134.556, časové razítko: 0xf23cada5
Název chybujícího modulu: ntdll.dll, verze: 10.0.17134.556, časové razítko: 0x74bed8b0
Kód výjimky: 0xc000000d
Posun chyby: 0x0000000000108580
ID chybujícího procesu: 0xaec
Čas spuštění chybující aplikace: 0x01d4daf37b16f456
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 30b3b8ed-50d5-4eb8-880a-26a17e272a9d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/20/2019 10:13:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WpnUserService, verze: 10.0.17134.556, časové razítko: 0xf23cada5
Název chybujícího modulu: NotificationController.dll, verze: 10.0.17134.165, časové razítko: 0xe0385185
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000007c686
ID chybujícího procesu: 0xaec
Čas spuštění chybující aplikace: 0x01d4daf37b16f456
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\NotificationController.dll
ID zprávy: 3ba34ae0-7bd4-4e8f-9dfa-a487b0fec6af
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/20/2019 08:30:44 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: admin-PC)
Description: httphttp-2147467263

Error: (03/18/2019 09:35:18 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: admin-PC)
Description: httphttp-2147467263

Error: (03/15/2019 08:49:27 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: admin-PC)
Description: httphttp-2147467263

System errors:
=============
Error: (03/25/2019 05:57:30 PM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli admin-PC\admin (SID: S-1-5-21-392161629-819489254-3805429688-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2019 05:53:52 PM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli admin-PC\admin (SID: S-1-5-21-392161629-819489254-3805429688-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2019 05:51:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/21/2019 05:29:44 PM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli admin-PC\admin (SID: S-1-5-21-392161629-819489254-3805429688-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/21/2019 05:22:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba avast! Firewall neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (03/21/2019 05:22:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby avast! Firewall bylo dosaženo časového limitu (30000 ms).

Error: (03/21/2019 05:22:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:49:49, ‎21.‎03.‎2019) bylo neočekávané.

Error: (03/20/2019 10:16:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba aswbIDSAgent skončila s následující chybou specifickou pro službu:
%%3758213659

Windows Defender:
===================================
Date: 2018-10-02 10:41:43.461
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B03E0AC7-AAF9-4327-B6E0-A0DB50C8056A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-10-02 10:31:52.684
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {5E1339CF-84D0-437E-9365-D53901B0BD07}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-10-02 10:22:42.450
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {E1DA0E70-FDD1-46FF-9136-C1023EE8FAB5}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2019-03-21 17:41:47.096
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\ashShA64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-21 17:25:39.158
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-21 17:24:23.315
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-20 22:16:44.300
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-20 22:16:21.786
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-20 22:13:50.868
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-14 19:09:20.982
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-14 19:09:20.915
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 63%
Total physical RAM: 3947.86 MB
Available physical RAM: 1442.59 MB
Total Virtual: 7915.86 MB
Available Virtual: 5162.39 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:578.07 GB) (Free:202.88 GB) NTFS
Drive d: (Moje filmy) (CDROM) (Total:0.3 GB) (Free:0 GB) UDF

\\?\Volume{031a1a5f-cf04-11e0-97da-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{031a1a5e-cf04-11e0-97da-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:18 GB) (Free:2.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 9EDE18FA)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=578.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

tamatun · #6 Příspěvek od **tamatun** » 25 bře 2019 22:22

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by admin (administrator) on ADMIN-PC (25-03-2019 22:15:01)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation -> NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation -> NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Users\admin\Desktop\adwcleaner_7.2.7.0.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [499304 2011-03-28] (Acer Incorporated -> Acer Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation -> NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc. -> Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-10] (CyberLink -> CyberLink Corp.)
HKU\S-1-5-21-392161629-819489254-3805429688-1001\...\Run: [Google Update] => C:\Users\admin\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-20] (Google Inc -> Google Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-06] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.121\Installer\chrmstp.exe [2019-03-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
AppInit_DLLs: C:\WINDOWS\system32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll => C:\WINDOWS\system32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll [183144 2017-01-17] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\system32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinit.dll => C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinit.dll [161016 2017-01-17] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk [2011-08-05]
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated -> Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{bfe3f65b-0ad9-4792-90b3-91ac6c2a9291}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f8a0da2b-477a-4928-8678-82bd80cb23bd}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-392161629-819489254-3805429688-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://centrum.cz/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-392161629-819489254-3805429688-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-392161629-819489254-3805429688-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-04-04] (Sun Microsystems, Inc.) [File not signed]

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8fvypf6x.default [2018-12-28]
FF Homepage: Mozilla\Firefox\Profiles\8fvypf6x.default -> hxxp://www.centrum.cz/?utm_source=ch-toolbar&u ... paign=home
FF Extension: (Lišta Centrum.cz) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8fvypf6x.default\Extensions\toolbar@centrumholdings.com [2015-04-20] [Legacy] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2011-10-07] (WildTangent Inc -> )
FF Plugin HKU\S-1-5-21-392161629-819489254-3805429688-1001: @tools.google.com/Google Update;version=3 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-392161629-819489254-3805429688-1001: @tools.google.com/Google Update;version=9 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://www.bing.com/?pc=U223","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2019-03-25]
CHR Extension: (Prezentace) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (SEO Profesional Toolbar) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\adecfhccdknoobplgempjhbojlbpahhn [2017-01-02]
CHR Extension: (Dokumenty) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Vyhledávání Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-02-23]
CHR Extension: (SEO SERP Workbench) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl [2017-01-02]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-23]
CHR Extension: (Tabulky) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-29]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-03-25]
CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-02-23]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2017-01-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-11]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-23]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-09] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-16] (AVAST Software a.s. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.121\elevation_service.exe [1070600 2019-03-06] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [799848 2011-03-28] (Acer Incorporated -> Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126520 2009-12-03] (Hewlett-Packard Company -> HP)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation -> NTI Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated -> Acer Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6634224 2018-02-02] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201408 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230512 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201928 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346760 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59664 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [185240 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47064 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42456 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163376 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111968 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88112 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028840 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467904 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208640 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381144 2018-10-17] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athwnx.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [5382856 2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2009-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-25 22:15 - 2019-03-25 22:17 - 000026076 _____ C:\Users\admin\Desktop\FRST.txt
2019-03-25 22:14 - 2019-03-25 22:15 - 000000000 ____D C:\FRST
2019-03-25 22:13 - 2019-03-25 22:13 - 002434048 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2019-03-25 22:12 - 2019-03-25 22:13 - 002434048 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2019-03-25 21:22 - 2019-03-25 21:23 - 000000000 ____D C:\AdwCleaner
2019-03-25 21:21 - 2019-03-25 21:21 - 007316688 _____ (Malwarebytes) C:\Users\admin\Desktop\adwcleaner_7.2.7.0.exe
2019-03-25 18:14 - 2019-03-25 18:15 - 000000000 ____D C:\rsit
2019-03-25 18:13 - 2019-03-25 18:13 - 001222144 _____ C:\Users\admin\Desktop\RSITx64.exe
2019-03-25 18:06 - 2019-03-25 18:05 - 000000900 _____ C:\Users\admin\Desktop\mobil.lnk
2019-03-25 18:05 - 2019-03-25 18:05 - 000000900 _____ C:\Users\admin\Documents\mobil – zástupce.lnk
2019-03-25 18:05 - 2019-03-25 18:05 - 000000000 ____D C:\Users\admin\Documents\mobil
2019-03-25 17:53 - 2019-03-25 17:53 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
2019-03-13 22:09 - 2019-03-13 22:09 - 000000000 _____ C:\WINDOWS\system32\last.dump
2019-03-13 14:03 - 2019-03-06 16:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-13 14:03 - 2019-03-06 16:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-13 14:03 - 2019-03-06 16:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-13 14:03 - 2019-03-06 16:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-13 14:03 - 2019-03-06 13:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-13 14:03 - 2019-03-06 13:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-13 14:03 - 2019-03-06 10:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-13 14:03 - 2019-03-06 10:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-13 14:03 - 2019-03-06 10:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-13 14:03 - 2019-03-06 10:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-13 14:03 - 2019-03-06 10:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-13 14:03 - 2019-03-06 10:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-13 14:03 - 2019-03-06 10:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-13 14:03 - 2019-03-06 10:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-13 14:03 - 2019-03-06 10:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-13 14:03 - 2019-03-06 10:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-13 14:03 - 2019-03-06 10:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-13 14:03 - 2019-03-06 10:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-13 14:03 - 2019-03-06 10:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-13 14:03 - 2019-03-06 10:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-13 14:03 - 2019-03-06 10:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-13 14:03 - 2019-03-06 09:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-13 14:03 - 2019-03-06 09:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-13 14:03 - 2019-03-06 09:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-13 14:03 - 2019-03-06 09:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-13 14:03 - 2019-03-06 09:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-13 14:03 - 2019-03-06 09:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-13 14:03 - 2019-03-06 09:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-13 14:03 - 2019-03-06 09:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-13 14:03 - 2019-03-06 09:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-13 14:03 - 2019-03-06 09:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-13 14:03 - 2019-03-06 09:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-13 14:03 - 2019-03-06 09:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-13 14:03 - 2019-03-06 09:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-13 14:03 - 2019-03-06 09:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-13 14:03 - 2019-03-06 09:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-13 14:03 - 2019-03-06 09:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-13 14:03 - 2019-03-06 09:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-13 14:03 - 2019-03-06 09:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-13 14:03 - 2019-03-06 09:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-13 14:03 - 2019-03-06 09:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-13 14:03 - 2019-03-06 09:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-13 14:03 - 2019-03-06 07:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-13 14:03 - 2019-03-06 07:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-13 14:03 - 2019-03-06 07:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-13 14:03 - 2019-03-06 07:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-13 14:03 - 2019-03-06 07:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-13 14:03 - 2019-03-06 06:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-13 14:03 - 2019-03-06 06:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-13 14:03 - 2019-03-06 06:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-13 14:03 - 2019-03-06 06:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-13 14:03 - 2019-03-06 06:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-13 14:03 - 2019-03-06 06:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-13 14:03 - 2019-03-06 06:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-13 14:03 - 2019-03-06 06:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-13 14:03 - 2019-03-06 06:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-13 14:03 - 2019-03-06 06:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-13 14:03 - 2019-03-06 06:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-13 14:03 - 2019-03-06 06:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-13 14:03 - 2019-03-06 06:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-13 14:03 - 2019-03-06 06:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-13 14:03 - 2019-02-16 13:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-13 14:03 - 2019-02-16 13:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-13 14:03 - 2019-02-16 13:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-13 14:03 - 2019-02-16 11:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-13 14:03 - 2019-02-16 11:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-13 14:03 - 2019-02-16 09:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-13 14:03 - 2019-02-16 09:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-13 14:03 - 2019-02-16 09:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-13 14:03 - 2019-02-16 09:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-13 14:03 - 2019-02-16 09:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-13 14:03 - 2019-02-16 09:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-13 14:03 - 2019-02-16 09:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-13 14:03 - 2019-02-16 09:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-13 14:03 - 2019-02-16 09:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-13 14:03 - 2019-02-16 09:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-13 14:03 - 2019-02-16 08:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-13 14:03 - 2019-02-16 08:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-13 14:03 - 2019-02-16 08:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-13 14:03 - 2019-02-16 08:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-13 14:03 - 2019-02-16 08:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-13 14:03 - 2019-02-16 08:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-13 14:03 - 2019-02-16 08:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-13 14:03 - 2019-02-16 08:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-13 14:03 - 2019-02-16 08:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-13 14:03 - 2019-02-16 08:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-13 14:03 - 2019-02-16 08:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-13 14:02 - 2019-03-06 16:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-13 14:02 - 2019-03-06 16:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-13 14:02 - 2019-03-06 16:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-13 14:02 - 2019-03-06 16:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-13 14:02 - 2019-03-06 16:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-13 14:02 - 2019-03-06 16:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-13 14:02 - 2019-03-06 16:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-13 14:02 - 2019-03-06 16:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-13 14:02 - 2019-03-06 16:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-13 14:02 - 2019-03-06 16:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-13 14:02 - 2019-03-06 16:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-13 14:02 - 2019-03-06 16:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-13 14:02 - 2019-03-06 13:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-13 14:02 - 2019-03-06 13:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-13 14:02 - 2019-03-06 13:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-13 14:02 - 2019-03-06 13:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-13 14:02 - 2019-03-06 13:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-13 14:02 - 2019-03-06 13:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-13 14:02 - 2019-03-06 13:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-13 14:02 - 2019-03-06 12:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-13 14:02 - 2019-03-06 10:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-13 14:02 - 2019-03-06 10:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-13 14:02 - 2019-03-06 10:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-13 14:02 - 2019-03-06 10:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-13 14:02 - 2019-03-06 10:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-13 14:02 - 2019-03-06 10:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-13 14:02 - 2019-03-06 10:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-13 14:02 - 2019-03-06 10:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-13 14:02 - 2019-03-06 10:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-13 14:02 - 2019-03-06 10:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-13 14:02 - 2019-03-06 10:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-13 14:02 - 2019-03-06 10:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-13 14:02 - 2019-03-06 10:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-13 14:02 - 2019-03-06 10:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-13 14:02 - 2019-03-06 10:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-13 14:02 - 2019-03-06 10:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-13 14:02 - 2019-03-06 10:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-13 14:02 - 2019-03-06 10:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-13 14:02 - 2019-03-06 10:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-13 14:02 - 2019-03-06 09:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-13 14:02 - 2019-03-06 09:32 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2019-03-13 14:02 - 2019-03-06 09:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-13 14:02 - 2019-03-06 09:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-13 14:02 - 2019-03-06 09:31 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2019-03-13 14:02 - 2019-03-06 09:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-13 14:02 - 2019-03-06 09:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-13 14:02 - 2019-03-06 09:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-13 14:02 - 2019-03-06 09:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-13 14:02 - 2019-03-06 09:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-13 14:02 - 2019-03-06 09:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-13 14:02 - 2019-03-06 09:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-13 14:02 - 2019-03-06 09:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-13 14:02 - 2019-03-06 09:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-13 14:02 - 2019-03-06 08:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-13 14:02 - 2019-03-06 07:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-13 14:02 - 2019-03-06 07:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-13 14:02 - 2019-03-06 07:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-13 14:02 - 2019-03-06 07:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-13 14:02 - 2019-03-06 07:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-13 14:02 - 2019-03-06 07:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-13 14:02 - 2019-03-06 06:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-13 14:02 - 2019-03-06 06:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-13 14:02 - 2019-03-06 06:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-13 14:02 - 2019-02-21 04:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-13 14:02 - 2019-02-16 14:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-13 14:02 - 2019-02-16 14:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-13 14:02 - 2019-02-16 14:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-13 14:02 - 2019-02-16 14:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-13 14:02 - 2019-02-16 14:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-13 14:02 - 2019-02-16 14:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-13 14:02 - 2019-02-16 14:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-13 14:02 - 2019-02-16 14:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-13 14:02 - 2019-02-16 14:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-13 14:02 - 2019-02-16 13:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-13 14:02 - 2019-02-16 13:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-13 14:02 - 2019-02-16 13:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-13 14:02 - 2019-02-16 13:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-13 14:02 - 2019-02-16 13:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-13 14:02 - 2019-02-16 13:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-13 14:02 - 2019-02-16 13:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-13 14:02 - 2019-02-16 13:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-13 14:02 - 2019-02-16 13:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-13 14:02 - 2019-02-16 13:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-13 14:02 - 2019-02-16 13:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-13 14:02 - 2019-02-16 13:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-13 14:02 - 2019-02-16 13:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-13 14:02 - 2019-02-16 13:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-13 14:02 - 2019-02-16 13:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-13 14:02 - 2019-02-16 13:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-13 14:02 - 2019-02-16 13:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-13 14:02 - 2019-02-16 13:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-13 14:02 - 2019-02-16 13:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-13 14:02 - 2019-02-16 13:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-13 14:02 - 2019-02-16 13:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-13 14:02 - 2019-02-16 13:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-13 14:02 - 2019-02-16 13:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-13 14:02 - 2019-02-16 13:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-13 14:02 - 2019-02-16 13:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-13 14:02 - 2019-02-16 13:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-13 14:02 - 2019-02-16 13:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-13 14:02 - 2019-02-16 13:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-13 14:02 - 2019-02-16 09:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-13 14:02 - 2019-02-16 09:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-13 14:02 - 2019-02-16 09:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-13 14:02 - 2019-02-16 09:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-13 14:02 - 2019-02-16 09:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-13 14:02 - 2019-02-16 09:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-13 14:02 - 2019-02-16 09:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-13 14:02 - 2019-02-16 09:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-13 14:02 - 2019-02-16 09:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-13 14:02 - 2019-02-16 09:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-13 14:02 - 2019-02-16 09:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-13 14:02 - 2019-02-16 09:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-13 14:02 - 2019-02-16 09:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-13 14:02 - 2019-02-16 09:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-13 14:02 - 2019-02-16 09:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-13 14:02 - 2019-02-16 09:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-13 14:02 - 2019-02-16 09:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-13 14:02 - 2019-02-16 08:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-13 14:02 - 2019-02-16 08:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-13 14:02 - 2019-02-16 08:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-13 14:02 - 2019-02-16 08:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-13 14:02 - 2019-02-16 08:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-13 14:02 - 2019-02-16 08:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-13 14:02 - 2019-02-16 08:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-13 14:02 - 2019-02-16 08:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-13 14:02 - 2019-02-16 08:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-13 14:02 - 2019-02-16 08:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-13 14:02 - 2019-02-16 08:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-13 14:02 - 2019-02-16 08:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-13 14:02 - 2019-02-16 08:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-13 14:02 - 2019-02-16 08:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-13 14:02 - 2019-02-16 08:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-13 14:02 - 2019-02-16 08:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-13 14:02 - 2019-02-16 08:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-13 14:02 - 2019-02-16 08:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-13 14:02 - 2019-02-16 08:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-13 14:02 - 2019-02-16 08:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-13 14:02 - 2019-02-16 08:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-13 14:02 - 2019-02-16 08:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-13 14:02 - 2019-02-16 08:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-13 14:02 - 2019-02-16 08:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-13 14:02 - 2019-02-16 08:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-13 14:02 - 2019-02-16 08:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-13 14:02 - 2019-02-16 08:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-13 14:02 - 2019-02-16 08:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-13 14:02 - 2019-02-16 08:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-13 14:02 - 2019-02-16 08:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-13 14:02 - 2019-02-16 08:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-13 14:02 - 2019-02-16 08:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-13 14:02 - 2019-02-16 08:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-13 14:02 - 2019-02-16 08:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-13 14:02 - 2019-02-16 08:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-13 14:02 - 2019-02-16 08:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-13 14:02 - 2019-02-16 08:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-13 14:02 - 2019-02-16 08:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-13 14:02 - 2019-02-16 08:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-13 14:02 - 2019-02-16 08:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-13 14:02 - 2019-02-16 08:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-13 14:02 - 2019-02-16 08:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-13 14:02 - 2019-02-16 08:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-13 14:02 - 2019-02-16 08:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-13 14:02 - 2019-02-16 08:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-25 22:16 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-25 21:18 - 2018-09-20 21:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-25 18:15 - 2018-02-01 12:35 - 000000000 ____D C:\Program Files\trend micro
2019-03-25 18:11 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-25 18:11 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-25 17:56 - 2018-09-20 22:05 - 000004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F67E8608-A8D7-4722-A8E9-81BEB3C497C3}
2019-03-25 17:56 - 2018-02-01 17:22 - 000007607 _____ C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2019-03-25 17:56 - 2011-10-06 21:24 - 000000000 ____D C:\ProgramData\clear.fi
2019-03-25 17:55 - 2018-09-20 21:55 - 001759502 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-25 17:55 - 2018-04-12 16:50 - 000716314 _____ C:\WINDOWS\system32\perfh005.dat
2019-03-25 17:55 - 2018-04-12 16:50 - 000144572 _____ C:\WINDOWS\system32\perfc005.dat
2019-03-25 17:55 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-25 17:54 - 2018-09-20 22:05 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-03-25 17:54 - 2018-06-11 08:58 - 000000000 ____D C:\Users\admin\AppData\Local\AVAST Software
2019-03-22 07:30 - 2018-09-20 21:38 - 000000000 ____D C:\Users\admin
2019-03-21 18:09 - 2018-09-22 14:11 - 000000000 ____D C:\Users\admin\Documents\Delfínek
2019-03-21 17:22 - 2018-09-20 22:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-21 17:22 - 2016-10-26 18:40 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-21 15:51 - 2015-01-07 09:41 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-03-20 22:15 - 2015-12-30 12:35 - 000000980 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001UA.job
2019-03-20 22:15 - 2015-12-30 12:35 - 000000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001Core.job
2019-03-20 22:14 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-20 08:31 - 2017-08-13 20:41 - 000000000 ____D C:\Program Files\rempl
2019-03-15 06:53 - 2018-09-20 22:05 - 000003814 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-03-15 06:53 - 2018-09-20 22:05 - 000003650 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001UA
2019-03-15 06:53 - 2018-09-20 22:05 - 000003600 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001UA1d25870fe968896
2019-03-15 06:53 - 2018-09-20 22:05 - 000003406 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-03-15 06:53 - 2018-09-20 22:05 - 000003400 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-15 06:53 - 2018-09-20 22:05 - 000003382 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001Core
2019-03-15 06:53 - 2018-09-20 22:05 - 000003332 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392161629-819489254-3805429688-1001Core1d25870fe53c68c
2019-03-15 06:53 - 2018-09-20 22:05 - 000003176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-15 06:53 - 2018-09-20 22:05 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-392161629-819489254-3805429688-1001
2019-03-15 06:53 - 2018-09-20 22:05 - 000002732 _____ C:\WINDOWS\System32\Tasks\clear.fi
2019-03-15 06:53 - 2018-09-20 22:05 - 000002680 _____ C:\WINDOWS\System32\Tasks\DMREngine
2019-03-15 06:53 - 2018-09-20 22:05 - 000002662 _____ C:\WINDOWS\System32\Tasks\clear.fiAgent
2019-03-15 06:53 - 2018-09-20 22:05 - 000002534 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2019-03-15 06:53 - 2018-09-20 22:05 - 000002008 _____ C:\WINDOWS\System32\Tasks\Adobe ARM
2019-03-15 06:53 - 2018-09-20 22:05 - 000002006 _____ C:\WINDOWS\System32\Tasks\Adobe Reader Speed Launcher
2019-03-15 06:53 - 2018-09-20 22:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-03-13 22:11 - 2018-09-20 21:32 - 000293208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-13 22:08 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-13 22:08 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-13 22:08 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-13 22:08 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-13 22:08 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-13 22:08 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-13 22:08 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-13 22:08 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-13 14:13 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-13 14:01 - 2016-06-08 11:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-13 13:55 - 2016-06-08 11:53 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-13 13:19 - 2019-01-08 21:11 - 004553728 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-03-13 13:19 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-03-13 13:19 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-03-09 17:30 - 2018-09-09 15:43 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-03-09 17:30 - 2018-09-09 15:43 - 000002467 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-03-06 20:49 - 2014-08-30 05:38 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-06 20:49 - 2014-08-30 05:38 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-04 22:48 - 2012-10-09 17:19 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-04 22:48 - 2012-10-09 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-04 22:48 - 2012-10-09 17:19 - 000000000 ____D C:\Program Files (x86)\WinRAR
2019-03-03 17:54 - 2018-11-14 19:13 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-03 17:54 - 2018-11-14 19:13 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-26 08:09 - 2017-02-19 19:49 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2012-10-09 17:54 - 2009-08-27 16:50 - 000000701 _____ () C:\Users\admin\AppData\Roaming\init.dll
2012-10-09 17:54 - 2009-09-10 17:01 - 000000701 _____ () C:\Users\admin\AppData\Roaming\sound.dll
2012-10-09 17:54 - 2009-09-11 15:33 - 000000006 _____ () C:\Users\admin\AppData\Roaming\SYSTEM32.dll
2018-02-01 17:22 - 2019-03-25 17:56 - 000007607 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-20 21:32

==================== End of FRST.txt ============================

#7 Příspěvek od **Conder** » 27 bře 2019 16:48

Pardon za zdrzanie.

Addon "Lišta Centrum.cz" mas vo Firefoxe nainstalovany umyselne?

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Users\admin\AppData\Roaming\init.dll
File: C:\Users\admin\AppData\Roaming\sound.dll
File: C:\Users\admin\AppData\Roaming\SYSTEM32.dll
File: C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
File: C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
File: C:\Windows\System32\HPZinw12.dll
File: C:\Windows\System32\HPZipm12.dll

SearchScopes: HKU\S-1-5-21-392161629-819489254-3805429688-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-392161629-819489254-3805429688-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://www.bing.com/?pc=U223","hxxp://www.google.com/"
2019-03-25 18:14 - 2019-03-25 18:15 - 000000000 ____D C:\rsit
2019-03-25 18:13 - 2019-03-25 18:13 - 001222144 _____ C:\Users\admin\Desktop\RSITx64.exe
2019-03-25 18:15 - 2018-02-01 12:35 - 000000000 ____D C:\Program Files\trend micro
2012-10-09 17:54 - 2009-08-27 16:50 - 000000701 _____ () C:\Users\admin\AppData\Roaming\init.dll
2012-10-09 17:54 - 2009-09-10 17:01 - 000000701 _____ () C:\Users\admin\AppData\Roaming\sound.dll
2012-10-09 17:54 - 2009-09-11 15:33 - 000000006 _____ () C:\Users\admin\AppData\Roaming\SYSTEM32.dll
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\18.091.0506.0006\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
Task: {8C49457C-21A7-49AB-B3F1-AFCDE87AC6C7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Hosts:
EmptyTemp:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

tamatun · #8 Příspěvek od **tamatun** » 27 bře 2019 17:28

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by admin (27-03-2019 17:11:57) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Users\admin\AppData\Roaming\init.dll
File: C:\Users\admin\AppData\Roaming\sound.dll
File: C:\Users\admin\AppData\Roaming\SYSTEM32.dll
File: C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
File: C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
File: C:\Windows\System32\HPZinw12.dll
File: C:\Windows\System32\HPZipm12.dll

SearchScopes: HKU\S-1-5-21-392161629-819489254-3805429688-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-392161629-819489254-3805429688-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://www.bing.com/?pc=U223","hxxp://www.google.com/"
2019-03-25 18:14 - 2019-03-25 18:15 - 000000000 ____D C:\rsit
2019-03-25 18:13 - 2019-03-25 18:13 - 001222144 _____ C:\Users\admin\Desktop\RSITx64.exe
2019-03-25 18:15 - 2018-02-01 12:35 - 000000000 ____D C:\Program Files\trend micro
2012-10-09 17:54 - 2009-08-27 16:50 - 000000701 _____ () C:\Users\admin\AppData\Roaming\init.dll
2012-10-09 17:54 - 2009-09-10 17:01 - 000000701 _____ () C:\Users\admin\AppData\Roaming\sound.dll
2012-10-09 17:54 - 2009-09-11 15:33 - 000000006 _____ () C:\Users\admin\AppData\Roaming\SYSTEM32.dll
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\18.091.0506.0006\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
Task: {8C49457C-21A7-49AB-B3F1-AFCDE87AC6C7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========

Count : 38
Average :
Sum : 23456269
Maximum :
Minimum :
Property : Length

========= End of Powershell: =========

========================= File: C:\Users\admin\AppData\Roaming\init.dll ========================

C:\Users\admin\AppData\Roaming\init.dll
File not signed
MD5: B9B0ABB41ABA16E2562B261F5F9D9323
Creation and modification date: 2012-10-09 17:54 - 2009-08-27 16:50
Size: 000000701
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/4f4bdb0 ... 525350612/

====== End of File: ======

========================= File: C:\Users\admin\AppData\Roaming\sound.dll ========================

C:\Users\admin\AppData\Roaming\sound.dll
File not signed
MD5: B9B0ABB41ABA16E2562B261F5F9D9323
Creation and modification date: 2012-10-09 17:54 - 2009-09-10 17:01
Size: 000000701
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/4f4bdb0 ... 525350612/

====== End of File: ======

========================= File: C:\Users\admin\AppData\Roaming\SYSTEM32.dll ========================

C:\Users\admin\AppData\Roaming\SYSTEM32.dll
File not signed
MD5: 11131A291823134CFB0092926438DAA1
Creation and modification date: 2012-10-09 17:54 - 2009-09-11 15:33
Size: 000000006
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/d8fe4ba ... 508190652/

====== End of File: ======

========================= File: C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe ========================

C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
File not signed
MD5: 4131B7E7AEA4BCEC90F52CAFFDDF87F2
Creation and modification date: 2016-12-17 15:17 - 2018-06-21 15:45
Size: 002441384
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/fd23502 ... 529741162/

====== End of File: ======

========================= File: C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe ========================

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
File not signed
MD5: E4693409D06785477A49FB34AFAE1B92
Creation and modification date: 2011-08-05 02:58 - 2010-12-27 09:30
Size: 001817088
Attributes: ----A
Company Name: Realsil Microelectronics Inc.
Internal Name: RIconMan.exe
Original Name: RIconMan.exe
Product: IconMan_R
Description: Realtek Card Reader Icon Tool.
File Version: 1.1.9.1
Product Version: 1.1.9.1
Copyright: (C) 2010 Realsil. All Rights Reserved.
VirusTotal: 0

====== End of File: ======

========================= File: C:\Windows\System32\HPZinw12.dll ========================

C:\Windows\System32\HPZinw12.dll
File not signed
MD5: 96B4C0CE935F934C86662820294F7533
Creation and modification date: 2013-11-14 23:47 - 2013-11-14 23:47
Size: 000050688
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: Dot4Net
Original Name: Dot4Net.DLL
Product: Bidi User Mode
Description: Dot4Net Module
File Version: 16,2,2,51
Product Version: 16,2,2,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: 0

====== End of File: ======

========================= File: C:\Windows\System32\HPZipm12.dll ========================

C:\Windows\System32\HPZipm12.dll
File not signed
MD5: 028E6651E11162AE4F4D0283D78A2EC4
Creation and modification date: 2013-11-14 23:47 - 2013-11-14 23:47
Size: 000066048
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: PmlDrv
Original Name: PmlDrv.DLL
Product: Bidi User Mode
Description: PmlDrv Module
File Version: 16,2,2,51
Product Version: 16,2,2,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: 0

====== End of File: ======

"HKU\S-1-5-21-392161629-819489254-3805429688-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-392161629-819489254-3805429688-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"Chrome StartupUrls" => removed successfully
C:\rsit => moved successfully
C:\Users\admin\Desktop\RSITx64.exe => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\admin\AppData\Roaming\init.dll => moved successfully
C:\Users\admin\AppData\Roaming\sound.dll => moved successfully
C:\Users\admin\AppData\Roaming\SYSTEM32.dll => moved successfully
HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7} => removed successfully
HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
HKU\S-1-5-21-392161629-819489254-3805429688-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C49457C-21A7-49AB-B3F1-AFCDE87AC6C7} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C49457C-21A7-49AB-B3F1-AFCDE87AC6C7} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 234682693 B
Java, Flash, Steam htmlcache => 48546 B
Windows/system/drivers => 2574604 B
Edge => 535587 B
Chrome => 409733257 B
Firefox => 49276995 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14460 B
LocalService => 0 B
NetworkService => 85888 B
NetworkService => 0 B
admin => 10714699 B

RecycleBin => 2573345390 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 17:13:58 ====

tamatun · #9 Příspěvek od **tamatun** » 27 bře 2019 17:29

lištu odinstaliji

#10 Příspěvek od **Conder** » 28 bře 2019 20:10

OK, ako to vyzera s PC? Nastala nejaka zmena alebo su este nejake problemy?

tamatun · #11 Příspěvek od **tamatun** » 30 bře 2019 12:58

vypadá to líp
děkuji

#12 Příspěvek od **Conder** » 30 bře 2019 14:15

Tak este upraceme po pouzitych nastrojoch:

Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
Uloz na plochu a spusti
Nechaj oznacenu moznost "Remove disinfection tools"
Klikni na "Run"

VIRY.CZ

maličko pomalejší PC

maličko pomalejší PC

Re: maličko pomalejší PC

Re: maličko pomalejší PC

Re: maličko pomalejší PC

Re: maličko pomalejší PC

Re: maličko pomalejší PC

Re: maličko pomalejší PC

Re: maličko pomalejší PC

Re: maličko pomalejší PC

Re: maličko pomalejší PC

Re: maličko pomalejší PC

Re: maličko pomalejší PC