PC virus removal, computer speed-up, remote assistance through the neslape.cz service

Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Stick
Visitor
Posts: 78
Registered: 05 Dec 2006 19:17

Preventive check

#1 Post by Stick »

Hello,

I would like to ask for a check. This is a fairly fresh installation of the system, but even so it responds quite slowly.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.02.2019
Ran by Káťa (administrator) on LAPTOP-OJK0R611 (16-02-2019 15:40:11)
Running from C:\Users\Káťa\Desktop
Loaded Profiles: Káťa (Available Profiles: Káťa)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.580_none_ead976921d8220dc\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279328 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4436520 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Winlogon: [Userinit]
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.17.1
Tcpip\..\Interfaces\{1dfb0327-3149-4dec-9e13-f578932cebd6}: [DhcpNameServer] 192.168.17.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default [2019-02-16]
CHR Extension: (Prezentace) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-05]
CHR Extension: (Dokumenty) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-05]
CHR Extension: (Disk Google) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-05]
CHR Extension: (YouTube) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-05]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-12-05]
CHR Extension: (Tabulky) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-05]
CHR Extension: (Gmail) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-05]
CHR Extension: (Chrome Media Router) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atiesrxx.exe [489832 2018-05-08] (Advanced Micro Devices, Inc. -> AMD)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [679400 2018-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1322632 2017-12-13] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268128 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [351784 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-25] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-25] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [26984 2018-05-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atikmdag.sys [40413544 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atikmpag.sys [553832 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\drivers\amdpsp.sys [145792 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [111112 2018-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [1026896 2018-04-13] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\windows\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [424384 2018-03-28] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [45096 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [46632 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [46488 2019-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [343032 2019-01-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-25] (Microsoft Windows -> Microsoft Corporation)
U4 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2018-12-05] (Nemea Mjukvaruutveckling AB -> Basil Projects)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-16 15:40 - 2019-02-16 15:41 - 000017541 _____ C:\Users\Káťa\Desktop\FRST.txt
2019-02-16 15:38 - 2019-02-16 15:40 - 000000000 ____D C:\FRST
2019-02-16 15:36 - 2019-02-16 15:37 - 002433536 _____ (Farbar) C:\Users\Káťa\Desktop\FRST64.exe
2019-02-16 15:20 - 2019-02-16 15:20 - 246546432 _____ C:\Users\Káťa\Downloads\A Discovery of Witches S01E04 CZtit V OBRAZE.avi.crdownload
2019-02-15 09:31 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2019-02-15 09:31 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2019-02-15 09:31 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-02-15 09:31 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\windows\system32\hvix64.exe
2019-02-15 09:31 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\windows\system32\hvax64.exe
2019-02-15 09:31 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-02-15 09:31 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Protection.PlayReady.dll
2019-02-15 09:31 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-15 09:31 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2019-02-15 09:31 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2019-02-15 09:31 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-02-15 09:31 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-02-15 09:31 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\windows\system32\webplatstorageserver.dll
2019-02-15 09:31 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\windows\system32\EdgeManager.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2019-02-15 09:31 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-02-15 09:31 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\windows\system32\StorSvc.dll
2019-02-15 09:31 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-02-15 09:31 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2019-02-15 09:31 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\windows\system32\ApplyTrustOffline.exe
2019-02-15 09:31 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\windows\system32\windows.storage.dll
2019-02-15 09:31 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-02-15 09:31 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2019-02-15 09:31 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\windows\system32\cdp.dll
2019-02-15 09:31 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\windows\system32\EdgeContent.dll
2019-02-15 09:31 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2019-02-15 09:31 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\windows\system32\WebRuntimeManager.dll
2019-02-15 09:31 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.desktop.dll
2019-02-15 09:31 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\windows\system32\PsmServiceExtHost.dll
2019-02-15 09:31 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.onecore.dll
2019-02-15 09:30 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\windows\system32\gdi32full.dll
2019-02-15 09:30 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll
2019-02-15 09:30 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2019-02-15 09:30 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\windows\system32\bcastdvruserservice.dll
2019-02-15 09:30 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32full.dll
2019-02-15 09:30 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll
2019-02-15 09:30 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-02-15 09:30 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32kfull.sys
2019-02-15 09:30 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\windows\system32\tcblaunch.exe
2019-02-15 09:30 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\windows\system32\hvloader.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hvservice.sys
2019-02-15 09:30 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\windows\SysWOW64\NtlmShared.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2019-02-15 09:30 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2019-02-15 09:30 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvproc.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\windows\system32\msvproc.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refsv1.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2019-02-15 09:30 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\windows\system32\browser_broker.exe
2019-02-15 09:30 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\windows\system32\NtlmShared.dll
2019-02-15 09:30 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2019-02-15 09:30 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-02-15 09:30 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2019-02-15 09:30 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2019-02-15 09:30 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2019-02-15 09:30 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-02-15 09:30 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-02-15 09:30 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2019-02-15 09:30 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2019-02-15 09:30 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2019-02-15 09:30 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\windows\SysWOW64\EdgeManager.dll
2019-02-15 09:30 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2019-02-15 09:30 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-02-15 09:30 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\windows\SysWOW64\webplatstorageserver.dll
2019-02-15 09:30 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2019-02-15 09:30 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\windows\system32\npmproxy.dll
2019-02-15 09:30 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys
2019-02-15 09:30 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2019-02-15 09:30 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2019-02-15 09:30 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\windows\system32\wuuhosdeployment.dll
2019-02-15 09:30 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-02-15 09:30 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2019-02-15 09:30 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\windows\system32\wuuhext.dll
2019-02-15 09:30 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\windows\system32\WpAXHolder.dll
2019-02-15 09:30 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2019-02-15 09:30 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys
2019-02-15 09:30 - 2019-02-06 02:04 - 000001314 _____ C:\windows\system32\tcbres.wim
2019-02-15 09:30 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.MixedRealityCapture.dll
2019-02-15 09:30 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2019-02-15 09:30 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2019-02-15 09:30 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-02-15 09:30 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\windows\system32\twinui.pcshell.dll
2019-02-15 09:30 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\iemigplugin.dll
2019-02-15 09:30 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2019-02-15 09:30 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Logon.dll
2019-02-15 09:30 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-02-15 09:30 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-02-15 09:30 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2019-02-15 09:30 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2019-02-15 09:30 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2019-02-15 09:30 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2019-02-15 09:30 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wldp.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\windows\SysWOW64\windows.storage.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVideoDSP.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\windows\SysWOW64\rmclient.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
2019-02-15 09:30 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bindflt.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-02-15 09:30 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\windows\system32\SecConfig.efi
2019-02-15 09:30 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\windows\system32\wldp.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\windows\system32\MSVideoDSP.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\windows\system32\browserbroker.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spacedump.sys
2019-02-15 09:30 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\windows\system32\rmclient.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\windows\system32\svchost.exe
2019-02-15 09:30 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2019-02-15 09:30 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2019-02-15 09:30 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\windows\system32\smartscreen.exe
2019-02-15 09:30 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2019-02-15 09:30 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2019-02-15 09:30 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdp.dll
2019-02-15 09:30 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\windows\system32\spacebridge.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\windows\system32\AppXApplicabilityBlob.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\spacebridge.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\windows\system32\MSPhotography.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSPhotography.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\windows\system32\MusUpdateHandlers.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\windows\system32\srpapi.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManagerClient.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\windows\system32\TokenBroker.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\windows\system32\WaaSMedicSvc.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgeIso.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManager.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\srpapi.dll
2019-02-15 09:30 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\windows\system32\smartscreenps.dll
2019-02-15 09:30 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\windows\SysWOW64\TokenBroker.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\windows\system32\updatehandlers.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\windows\SysWOW64\smartscreenps.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\edgeIso.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msIso.dll
2019-02-15 09:30 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2019-02-15 09:30 - 2019-01-09 05:34 - 000806320 _____ C:\windows\SysWOW64\locale.nls
2019-02-15 09:30 - 2019-01-09 05:34 - 000806320 _____ C:\windows\system32\locale.nls
2019-02-15 09:30 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 000000072 _____ C:\windows\system32\edgehtmlpluginpolicy.bin
2019-02-12 20:05 - 2019-02-12 22:34 - 1643868808 _____ C:\Users\Káťa\Downloads\Sedm _ Se7en _ Seven 1995, EN - CZ tit.mkv
2019-02-11 11:20 - 2019-02-11 14:10 - 1870359732 _____ C:\Users\Káťa\Downloads\Muzikanti CZ film.avi
2019-02-10 19:58 - 2019-02-10 21:30 - 1016224028 _____ C:\Users\Káťa\Downloads\Smrt ve Tmě (2016,cz,dabing)ddd.avi
2019-02-10 14:09 - 2019-02-10 16:09 - 1329916984 _____ C:\Users\Káťa\Downloads\Lék na život (2017) - CZ dabing.avi
2019-02-09 12:04 - 2019-02-09 12:35 - 335146866 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E03 CZ titulky.avi
2019-02-09 11:00 - 2019-02-09 11:21 - 235704262 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E01 CZ titulky.avi
2019-02-09 09:23 - 2019-02-09 09:45 - 234604831 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E02 CZ titulky.mkv
2019-02-04 08:45 - 2019-02-13 11:40 - 000000000 ____D C:\Users\Káťa\Desktop\absolventka
2019-02-04 08:28 - 2019-02-04 08:28 - 000000000 ____D C:\Users\Káťa\AppData\Local\DBG
2019-02-03 14:43 - 2019-02-01 18:10 - 1198452823 _____ C:\Users\Káťa\Downloads\Pustina.S01E03.mp4
2019-02-03 14:42 - 2019-02-03 14:42 - 000324006 _____ C:\Users\Káťa\Desktop\ceZF9_dkoyoxM6nQyoSHDe7Svv1CJsyJmP_73atlOhZOHbsgsF3OitvRRKRDzUME0.pdf
2019-02-03 13:39 - 2019-02-01 18:15 - 1103363742 _____ C:\Users\Káťa\Downloads\Pustina.S01E02.mp4
2019-02-01 23:00 - 2019-02-01 18:15 - 1178800870 _____ C:\Users\Káťa\Downloads\Pustina.S01E01.mp4
2019-01-28 18:56 - 2019-01-28 19:56 - 656020814 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E10 CZTit. (frpli).avi
2019-01-28 17:23 - 2019-01-28 17:55 - 577388656 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E09 CZTit. (frpli).avi
2019-01-27 13:10 - 2019-01-27 13:51 - 458447258 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E08 CZTit. (frpli).avi
2019-01-26 16:33 - 2019-01-26 17:01 - 487946678 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E07 CZtit V OBRAZE.avi
2019-01-26 15:18 - 2019-01-26 16:23 - 717253674 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E06 CZTit. (frpli).avi
2019-01-26 12:54 - 2019-01-26 13:58 - 710336856 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E05 CZTit. (frpli).avi
2019-01-26 09:28 - 2019-01-26 10:21 - 589389878 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E04 CZTit. (frpli).avi
2019-01-25 19:53 - 2019-01-25 20:50 - 622175922 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E03 CZTit. (frpli).avi
2019-01-23 21:08 - 2019-01-23 21:08 - 000045409 _____ C:\Users\Káťa\Downloads\The.Haunting.of.House.Hill.S01E02.Open.Casket.1080p.Webrip.X264.srt
2019-01-23 18:26 - 2019-01-23 18:44 - 2897973329 _____ C:\Users\Káťa\Downloads\The.Haunting.of.House.Hill.S01E02.Open.Casket.1080p.Webrip.X264.mkv
2019-01-23 18:08 - 2019-01-23 19:03 - 614572786 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E02 CZTit. (frpli).avi
2019-01-23 13:28 - 2019-01-23 13:29 - 000045463 _____ C:\Users\Káťa\Downloads\The.Haunting.of.Hill.House.S01E02.Open.Casket.720p.NF.WEB-DL.DDP5.1.x264-NTG.srt
2019-01-22 20:25 - 2019-01-22 21:23 - 642607658 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E01 CZTit. (frpli).avi
2019-01-21 10:12 - 2019-01-21 10:29 - 320751541 _____ C:\Users\Káťa\Downloads\Čarodějův učeň-anim.pohádka (Karel Zeman) 1977.mp4
2019-01-18 19:41 - 2019-01-18 20:49 - 1255254016 _____ C:\Users\Káťa\Downloads\Král Rybář _ The Fisher King 1991, CZ.avi
2019-01-17 17:39 - 2019-01-17 17:39 - 000000000 ____D C:\Users\Káťa\Documents\Vlastní šablony Office

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-16 15:33 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-16 15:19 - 2018-12-05 11:20 - 000000000 ____D C:\Users\Káťa\AppData\Roaming\vlc
2019-02-16 15:18 - 2018-04-28 07:06 - 000000000 ____D C:\windows\system32\SleepStudy
2019-02-16 14:18 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-16 14:18 - 2018-04-12 00:38 - 000000000 ____D C:\windows\AppReadiness
2019-02-16 00:36 - 2018-05-28 20:45 - 000744924 _____ C:\windows\system32\perfh005.dat
2019-02-16 00:36 - 2018-05-28 20:45 - 000159594 _____ C:\windows\system32\perfc005.dat
2019-02-16 00:36 - 2018-04-28 07:11 - 001826110 _____ C:\windows\system32\PerfStringBackup.INI
2019-02-16 00:36 - 2018-04-12 00:36 - 000000000 ____D C:\windows\INF
2019-02-15 17:47 - 2018-04-28 07:06 - 000411656 _____ C:\windows\system32\FNTCACHE.DAT
2019-02-15 17:46 - 2018-04-28 07:06 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-02-15 17:45 - 2018-10-06 22:38 - 000065536 _____ C:\windows\psp_storage.bin
2019-02-15 17:45 - 2018-04-11 22:04 - 000786432 _____ C:\windows\system32\config\BBI
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\windows\SysWOW64\F12
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\windows\system32\F12
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\TextInput
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\ShellExperiences
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\bcastdvr
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Defender
2019-02-15 17:35 - 2019-01-03 00:30 - 000000360 _____ C:\windows\Tasks\HPCeeScheduleForKáťa.job
2019-02-15 17:24 - 2018-04-12 00:30 - 000000000 ____D C:\windows\CbsTemp
2019-02-15 09:52 - 2018-12-10 11:30 - 000000000 ____D C:\windows\system32\MRT
2019-02-15 09:48 - 2018-12-10 11:29 - 129330784 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-02-15 09:33 - 2018-12-05 10:57 - 000004562 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-15 09:32 - 2018-12-05 10:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-15 08:37 - 2018-12-09 17:40 - 000000000 ____D C:\Program Files\rempl
2019-02-15 08:32 - 2018-12-05 10:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 08:32 - 2018-12-05 10:58 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-12 20:45 - 2019-01-03 00:30 - 000003248 _____ C:\windows\System32\Tasks\HPCeeScheduleForKáťa
2019-02-10 23:15 - 2018-12-05 10:39 - 000000000 ____D C:\Users\Káťa\AppData\Local\ClassicShell
2019-02-10 12:55 - 2018-12-05 12:20 - 000003376 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1572241333-3680237035-3324955502-1001
2019-02-10 12:55 - 2018-12-05 11:08 - 000000000 ___RD C:\Users\Káťa\OneDrive
2019-02-10 12:55 - 2018-12-05 10:24 - 000002395 _____ C:\Users\Káťa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-08 08:43 - 2018-10-06 22:54 - 000000000 ____D C:\ProgramData\Packages
2019-02-04 09:44 - 2018-12-05 10:26 - 000000000 ____D C:\Users\Káťa\AppData\Local\Packages
2019-02-02 23:53 - 2018-12-10 22:10 - 000835480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-02-02 23:53 - 2018-12-10 22:10 - 000179600 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-25 09:27 - 2018-04-28 07:06 - 000000000 ____D C:\windows\system32\Drivers\wd
2019-01-17 17:43 - 2018-12-18 19:50 - 000000000 ____D C:\Users\Káťa\Desktop\škola VDA

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\dllhost.exe => File is digitally signed
C:\windows\SysWOW64\dllhost.exe => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-28 07:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.02.2019
Ran by Káťa (16-02-2019 15:42:59)
Running from C:\Users\Káťa\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-12-05 06:39:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1572241333-3680237035-3324955502-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1572241333-3680237035-3324955502-503 - Limited - Disabled)
Guest (S-1-5-21-1572241333-3680237035-3324955502-501 - Limited - Disabled)
Káťa (S-1-5-21-1572241333-3680237035-3324955502-1001 - Administrator - Enabled) => C:\Users\Káťa
WDAGUtilityAccount (S-1-5-21-1572241333-3680237035-3324955502-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20091 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.11.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{4E100CB6-9312-48BC-9DC0-4F4D5C338449}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31241 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8544 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.113 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.69 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-04-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A26421A-81F2-44F9-ABFD-E6F4EBBACF4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {0C541767-CA33-412E-BE46-83735AA2FD03} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {1D58BF89-4020-4C2B-B7D8-CCEC133439DA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1E02C25D-0BF6-4813-95FF-D815039C295C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {32F248C4-13F1-4498-B51F-1CB1AEA4D1F0} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {385A03C1-8A15-4393-B355-142A942A1A7C} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (HP Inc. -> HP Inc.)
Task: {3B420611-1738-48B4-A6CF-4553AFCB7835} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3F2D0252-4A6E-454B-8670-62979774EBE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {4E77BE36-F990-42E7-9BC6-E6FAA0E0F075} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4F83790B-F67A-4C0B-953B-363347C967DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {6CADA4BE-ABDB-4660-BD71-1A3EECB9B54D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {78AD77C9-1415-4C8B-9764-3E719B8F8296} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {817815E2-4494-464D-8743-96DE7C3B73A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {92215D30-CC59-43FE-8566-9E5C137346E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9BE40D03-746A-4656-98EF-E825130CF003} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (HP Inc. -> HP Inc.)
Task: {9FA008BA-4CEF-4AA2-990B-2AD99A14D667} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {A3F28181-003B-4BA9-9200-EDD1355E2A8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe (HP Inc. -> HP Inc.)
Task: {B7DC6623-B320-47E5-9ECE-830E260632D4} - System32\Tasks\HPCeeScheduleForKáťa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Inc.)
Task: {D0C79140-3261-414E-88B1-1167AA092F51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DAAF64C4-A808-46C2-AF10-1CA09DEF0E4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {E30896C0-805E-464C-AD6B-8AD4AAB91177} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
Task: {EC147115-1283-4C5C-9F57-5A299F51F55C} - System32\Tasks\StartCN => c:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {ED2C073B-FD79-437F-8F15-A001686EA31D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HPCeeScheduleForKáťa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-05 12:39 - 2018-12-05 12:39 - 000016896 _____ () C:\Program Files\KMSpico\WinDivert.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\windows\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-13 11:41 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-15 09:30 - 2019-02-06 03:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-05 11:50 - 2018-12-05 11:54 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-15 08:36 - 2019-02-15 08:36 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-15 08:36 - 2019-02-15 08:36 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2017-12-15 20:17 - 2017-12-15 20:17 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-12-15 20:17 - 2017-12-15 20:17 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-02-15 08:31 - 2019-02-13 06:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-15 08:31 - 2019-02-13 06:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 17:48 - 2019-01-31 17:48 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-17 15:11 - 2019-01-17 15:12 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.17.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CF466E2D-5369-4CB1-BF0C-027DBD5FF8BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADCCCD04-44F2-49D6-870C-E9EA9C1B7C8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FED2B69-D117-4281-B4D1-C82BA139DDB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FDF0E60-58B7-4A4F-9922-AFFEBB966E19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1FDF6E5-D0A3-44CA-AE95-3F3FBBB73C52}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{037E051A-77A9-4AC6-A4AB-9FDA5F65E2EE}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{3184A31B-D753-4E51-AFB3-7742842E76D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe No File
FirewallRules: [{B1DDCA0E-3AA8-4239-B65C-30BDDF7CF882}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe No File
FirewallRules: [{49C9A7CE-E1B4-4D9A-BC9F-C55FAF193EBE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe No File
FirewallRules: [{AEB21790-07D2-46A8-8836-877412845E3A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe No File
FirewallRules: [{9FC0DC78-C4E0-4572-AA3A-D4A3438573D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11126.20266.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A82183B-9F3A-4B84-9C8D-3184CBF8539D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

26-01-2019 15:36:27 Naplánovaný kontrolní bod
03-02-2019 11:48:04 Naplánovaný kontrolní bod
08-02-2019 20:40:59 Instalační služba modulů systému Windows
15-02-2019 08:33:16 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2019 03:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25547

Error: (02/16/2019 03:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25547

Error: (02/16/2019 03:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2019 03:18:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1750

Error: (02/16/2019 03:18:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1750

Error: (02/16/2019 03:18:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2019 12:20:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1969

Error: (02/16/2019 12:20:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1969


System errors:
=============
Error: (02/16/2019 09:54:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:53:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:51:41 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-OJK0R611)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-OJK0R611\Káťa (SID: S-1-5-21-1572241333-3680237035-3324955502-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:51:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby HPWMISVC bylo dosaženo časového limitu (30000 ms).

Error: (02/15/2019 05:51:05 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-OJK0R611)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-OJK0R611\Káťa (SID: S-1-5-21-1572241333-3680237035-3324955502-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:48:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:48:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-02-16 15:33:56.004
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {43C2959C-00B0-4C37-BDD2-D90BEC3DA809}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-02-16 15:18:52.755
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {5B865FA9-4A79-41D1-8E20-7254B1676DE8}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-02-15 17:57:47.748
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\Temp\SECOH-QAD.dll; file:_C:\Windows\Temp\SECOH-QAD.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\KMSpico\Service_KMS.exe
Verze podpisu: AV: 1.287.13.0, AS: 1.287.13.0, NIS: 1.287.13.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-15 17:57:47.512
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\Temp\SECOH-QAD.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\KMSpico\Service_KMS.exe
Verze podpisu: AV: 1.287.13.0, AS: 1.287.13.0, NIS: 1.287.13.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-15 17:57:47.158
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\KMSpico\Service_KMS.exe
Verze podpisu: AV: 1.287.13.0, AS: 1.287.13.0, NIS: 1.287.13.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-15 08:45:50.173
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.285.1418.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.8
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2019-02-16 15:29:11.304
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 15:29:11.302
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 15:16:44.980
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 15:16:44.978
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 15:16:38.693
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 15:16:38.689
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 14:59:11.181
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 14:59:11.178
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD E2-9000e RADEON R2, 4 COMPUTE CORES 2C+2G
Percentage of memory in use: 77%
Total physical RAM: 3981.68 MB
Available physical RAM: 886.96 MB
Total Virtual: 4941.68 MB
Available Virtual: 1387.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.58 GB) (Free:343.47 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.94 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{302fff6d-74bb-469d-b2db-218953e3b4aa}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.53 GB) NTFS
\\?\Volume{38e2630b-f6b3-4766-b35b-d14e13d18c8b}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7BC58E7F)

Partition: GPT.

==================== End of Addition.txt ============================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Preventive check

#2 Post by Diallix »

Hello.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes ticked, as well as any threats found, and continue with the Clean & Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will start; click View Log File.
The log will open; copy its contents here.
My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<

---
We are looking for new reinforcements for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Stick
Visitor
Posts: 78
Registered: 05 Dec 2006 19:17

Re: Preventive check

#3 Post by Stick »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-15.6 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-17-2019
# Duration: 00:00:24
# OS: Windows 10 Home
# Scanned: 31826
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1250 octets] - [17/02/2019 18:04:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Preventive check

#4 Post by Diallix »

Rescan the computer with FRST - instructions here: https://forum.viry.cz/viewtopic.php?f=24&t=132509, and copy the FRST.log + Addition log here.

Stick
Visitor
Posts: 78
Registered: 05 Dec 2006 19:17

Re: Preventive check

#5 Post by Stick »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 02
Ran by Káťa (administrator) on LAPTOP-OJK0R611 (23-02-2019 11:35:41)
Running from C:\Users\Káťa\Desktop
Loaded Profiles: Káťa (Available Profiles: Káťa)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279328 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4436520 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft)
HKLM-x32...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.17.1
Tcpip\..\Interfaces\{1dfb0327-3149-4dec-9e13-f578932cebd6}: [DhcpNameServer] 192.168.17.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default [2019-02-23]
CHR Extension: (Prezentace) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-05]
CHR Extension: (Dokumenty) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-05]
CHR Extension: (Disk Google) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-05]
CHR Extension: (YouTube) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-05]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-12-05]
CHR Extension: (Tabulky) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-05]
CHR Extension: (Gmail) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-05]
CHR Extension: (Chrome Media Router) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atiesrxx.exe [489832 2018-05-08] (Advanced Micro Devices, Inc. -> AMD)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [679400 2018-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1322632 2017-12-13] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268128 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [351784 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [26984 2018-05-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atikmdag.sys [40413544 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atikmpag.sys [553832 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\drivers\amdpsp.sys [145792 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [111112 2018-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [1026896 2018-04-13] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\windows\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [424384 2018-03-28] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [45096 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [46632 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
U4 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2018-12-05] (Nemea Mjukvaruutveckling AB -> Basil Projects)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-21 18:12 - 2019-02-21 18:12 - 000000772 _____ C:\Users\Káťa\Desktop\škola VDA – zástupce.lnk
2019-02-21 17:27 - 2019-02-23 11:35 - 000000000 ____D C:\Users\Káťa\Desktop\FRST-OlderVersion
2019-02-17 18:52 - 2019-02-17 20:33 - 1111003014 _____ C:\Users\Káťa\Downloads\Zootropolis-Město zvířat (2016) CZ-dabing TOP.avi
2019-02-17 18:36 - 2019-02-17 18:37 - 000228728 _____ C:\Users\Káťa\Documents\cc_20190217_183650.reg
2019-02-17 18:31 - 2019-02-17 18:31 - 000003936 _____ C:\windows\System32\Tasks\CCleaner Update
2019-02-17 18:31 - 2019-02-17 18:31 - 000002886 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2019-02-17 18:31 - 2019-02-17 18:31 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-17 18:31 - 2019-02-17 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-17 18:31 - 2019-02-17 18:31 - 000000000 ____D C:\Program Files\CCleaner
2019-02-17 18:28 - 2019-02-17 18:29 - 019341880 _____ (Piriform Software Ltd) C:\Users\Káťa\Downloads\ccsetup552.exe
2019-02-17 18:03 - 2019-02-17 18:04 - 000000000 ____D C:\AdwCleaner
2019-02-17 16:21 - 2019-02-17 16:22 - 007316688 _____ (Malwarebytes) C:\Users\Káťa\Desktop\adwcleaner_7.2.7.0.exe
2019-02-16 15:42 - 2019-02-21 17:31 - 000033506 _____ C:\Users\Káťa\Desktop\Addition.txt
2019-02-16 15:40 - 2019-02-23 11:37 - 000017058 _____ C:\Users\Káťa\Desktop\FRST.txt
2019-02-16 15:38 - 2019-02-23 11:35 - 000000000 ____D C:\FRST
2019-02-16 15:36 - 2019-02-23 11:35 - 002435072 _____ (Farbar) C:\Users\Káťa\Desktop\FRST64.exe
2019-02-16 15:20 - 2019-02-16 15:52 - 350700300 _____ C:\Users\Káťa\Downloads\A Discovery of Witches S01E04 CZtit V OBRAZE.avi
2019-02-15 09:31 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2019-02-15 09:31 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2019-02-15 09:31 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-02-15 09:31 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\windows\system32\hvix64.exe
2019-02-15 09:31 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\windows\system32\hvax64.exe
2019-02-15 09:31 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-02-15 09:31 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Protection.PlayReady.dll
2019-02-15 09:31 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-15 09:31 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2019-02-15 09:31 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2019-02-15 09:31 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-02-15 09:31 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-02-15 09:31 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\windows\system32\webplatstorageserver.dll
2019-02-15 09:31 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\windows\system32\EdgeManager.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2019-02-15 09:31 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-02-15 09:31 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\windows\system32\StorSvc.dll
2019-02-15 09:31 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-02-15 09:31 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2019-02-15 09:31 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\windows\system32\ApplyTrustOffline.exe
2019-02-15 09:31 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\windows\system32\windows.storage.dll
2019-02-15 09:31 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-02-15 09:31 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2019-02-15 09:31 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\windows\system32\cdp.dll
2019-02-15 09:31 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\windows\system32\EdgeContent.dll
2019-02-15 09:31 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2019-02-15 09:31 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\windows\system32\WebRuntimeManager.dll
2019-02-15 09:31 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.desktop.dll
2019-02-15 09:31 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\windows\system32\PsmServiceExtHost.dll
2019-02-15 09:31 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.onecore.dll
2019-02-15 09:30 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\windows\system32\gdi32full.dll
2019-02-15 09:30 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll
2019-02-15 09:30 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2019-02-15 09:30 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\windows\system32\bcastdvruserservice.dll
2019-02-15 09:30 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32full.dll
2019-02-15 09:30 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll
2019-02-15 09:30 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-02-15 09:30 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32kfull.sys
2019-02-15 09:30 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\windows\system32\tcblaunch.exe
2019-02-15 09:30 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\windows\system32\hvloader.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hvservice.sys
2019-02-15 09:30 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\windows\SysWOW64\NtlmShared.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2019-02-15 09:30 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2019-02-15 09:30 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvproc.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\windows\system32\msvproc.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refsv1.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2019-02-15 09:30 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\windows\system32\browser_broker.exe
2019-02-15 09:30 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\windows\system32\NtlmShared.dll
2019-02-15 09:30 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2019-02-15 09:30 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-02-15 09:30 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2019-02-15 09:30 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2019-02-15 09:30 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2019-02-15 09:30 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-02-15 09:30 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-02-15 09:30 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2019-02-15 09:30 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2019-02-15 09:30 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2019-02-15 09:30 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\windows\SysWOW64\EdgeManager.dll
2019-02-15 09:30 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2019-02-15 09:30 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-02-15 09:30 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\windows\SysWOW64\webplatstorageserver.dll
2019-02-15 09:30 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2019-02-15 09:30 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\windows\system32\npmproxy.dll
2019-02-15 09:30 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys
2019-02-15 09:30 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2019-02-15 09:30 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2019-02-15 09:30 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\windows\system32\wuuhosdeployment.dll
2019-02-15 09:30 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-02-15 09:30 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2019-02-15 09:30 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\windows\system32\wuuhext.dll
2019-02-15 09:30 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\windows\system32\WpAXHolder.dll
2019-02-15 09:30 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2019-02-15 09:30 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys
2019-02-15 09:30 - 2019-02-06 02:04 - 000001314 _____ C:\windows\system32\tcbres.wim
2019-02-15 09:30 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.MixedRealityCapture.dll
2019-02-15 09:30 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2019-02-15 09:30 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2019-02-15 09:30 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-02-15 09:30 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\windows\system32\twinui.pcshell.dll
2019-02-15 09:30 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\iemigplugin.dll
2019-02-15 09:30 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2019-02-15 09:30 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Logon.dll
2019-02-15 09:30 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-02-15 09:30 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-02-15 09:30 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2019-02-15 09:30 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2019-02-15 09:30 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2019-02-15 09:30 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2019-02-15 09:30 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wldp.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\windows\SysWOW64\windows.storage.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVideoDSP.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\windows\SysWOW64\rmclient.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
2019-02-15 09:30 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bindflt.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-02-15 09:30 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\windows\system32\SecConfig.efi
2019-02-15 09:30 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\windows\system32\wldp.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\windows\system32\MSVideoDSP.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\windows\system32\browserbroker.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spacedump.sys
2019-02-15 09:30 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\windows\system32\rmclient.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\windows\system32\svchost.exe
2019-02-15 09:30 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2019-02-15 09:30 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2019-02-15 09:30 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\windows\system32\smartscreen.exe
2019-02-15 09:30 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2019-02-15 09:30 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2019-02-15 09:30 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdp.dll
2019-02-15 09:30 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\windows\system32\spacebridge.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\windows\system32\AppXApplicabilityBlob.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\spacebridge.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\windows\system32\MSPhotography.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSPhotography.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\windows\system32\MusUpdateHandlers.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\windows\system32\srpapi.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManagerClient.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\windows\system32\TokenBroker.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\windows\system32\WaaSMedicSvc.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgeIso.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManager.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\srpapi.dll
2019-02-15 09:30 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\windows\system32\smartscreenps.dll
2019-02-15 09:30 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\windows\SysWOW64\TokenBroker.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\windows\system32\updatehandlers.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\windows\SysWOW64\smartscreenps.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\edgeIso.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msIso.dll
2019-02-15 09:30 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2019-02-15 09:30 - 2019-01-09 05:34 - 000806320 _____ C:\windows\SysWOW64\locale.nls
2019-02-15 09:30 - 2019-01-09 05:34 - 000806320 _____ C:\windows\system32\locale.nls
2019-02-15 09:30 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 000000072 _____ C:\windows\system32\edgehtmlpluginpolicy.bin
2019-02-12 20:05 - 2019-02-12 22:34 - 1643868808 _____ C:\Users\Káťa\Downloads\Sedm _ Se7en _ Seven 1995, EN - CZ tit.mkv
2019-02-11 11:20 - 2019-02-11 14:10 - 1870359732 _____ C:\Users\Káťa\Downloads\Muzikanti CZ film.avi
2019-02-10 19:58 - 2019-02-10 21:30 - 1016224028 _____ C:\Users\Káťa\Downloads\Smrt ve Tmě (2016,cz,dabing)ddd.avi
2019-02-10 14:09 - 2019-02-10 16:09 - 1329916984 _____ C:\Users\Káťa\Downloads\Lék na život (2017) - CZ dabing.avi
2019-02-09 12:04 - 2019-02-09 12:35 - 335146866 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E03 CZ titulky.avi
2019-02-09 11:00 - 2019-02-09 11:21 - 235704262 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E01 CZ titulky.avi
2019-02-09 09:23 - 2019-02-09 09:45 - 234604831 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E02 CZ titulky.mkv
2019-02-04 08:45 - 2019-02-19 22:10 - 000000000 ____D C:\Users\Káťa\Desktop\absolventka
2019-02-04 08:28 - 2019-02-04 08:28 - 000000000 ____D C:\Users\Káťa\AppData\Local\DBG
2019-02-03 14:43 - 2019-02-01 18:10 - 1198452823 _____ C:\Users\Káťa\Downloads\Pustina.S01E03.mp4
2019-02-03 13:39 - 2019-02-01 18:15 - 1103363742 _____ C:\Users\Káťa\Downloads\Pustina.S01E02.mp4
2019-02-01 23:00 - 2019-02-01 18:15 - 1178800870 _____ C:\Users\Káťa\Downloads\Pustina.S01E01.mp4
2019-01-28 18:56 - 2019-01-28 19:56 - 656020814 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E10 CZTit. (frpli).avi
2019-01-28 17:23 - 2019-01-28 17:55 - 577388656 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E09 CZTit. (frpli).avi
2019-01-27 13:10 - 2019-01-27 13:51 - 458447258 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E08 CZTit. (frpli).avi
2019-01-26 16:33 - 2019-01-26 17:01 - 487946678 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E07 CZtit V OBRAZE.avi
2019-01-26 15:18 - 2019-01-26 16:23 - 717253674 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E06 CZTit. (frpli).avi
2019-01-26 12:54 - 2019-01-26 13:58 - 710336856 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E05 CZTit. (frpli).avi
2019-01-26 09:28 - 2019-01-26 10:21 - 589389878 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E04 CZTit. (frpli).avi
2019-01-25 19:53 - 2019-01-25 20:50 - 622175922 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E03 CZTit. (frpli).avi

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-23 11:34 - 2018-04-28 07:06 - 000000000 ____D C:\windows\system32\SleepStudy
2019-02-23 11:34 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-23 10:18 - 2018-04-28 07:06 - 000000000 ____D C:\windows\system32\Drivers\wd
2019-02-23 10:12 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-23 10:12 - 2018-04-12 00:38 - 000000000 ____D C:\windows\AppReadiness
2019-02-21 18:12 - 2018-12-05 10:39 - 000000000 ____D C:\Users\Káťa\AppData\Local\ClassicShell
2019-02-21 17:54 - 2019-01-03 00:30 - 000003248 _____ C:\windows\System32\Tasks\HPCeeScheduleForKáťa
2019-02-21 17:54 - 2019-01-03 00:30 - 000000360 _____ C:\windows\Tasks\HPCeeScheduleForKáťa.job
2019-02-21 14:26 - 2018-12-05 10:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-21 11:10 - 2018-04-12 00:36 - 000000000 ____D C:\windows\INF
2019-02-18 12:17 - 2018-12-18 19:50 - 000000000 ____D C:\škola VDA
2019-02-18 11:12 - 2018-12-05 11:20 - 000000000 ____D C:\Users\Káťa\AppData\Roaming\vlc
2019-02-17 18:33 - 2018-04-28 08:02 - 000000000 ____D C:\windows\Panther
2019-02-17 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\windows\LiveKernelReports
2019-02-16 00:36 - 2018-05-28 20:45 - 000744924 _____ C:\windows\system32\perfh005.dat
2019-02-16 00:36 - 2018-05-28 20:45 - 000159594 _____ C:\windows\system32\perfc005.dat
2019-02-16 00:36 - 2018-04-28 07:11 - 001826110 _____ C:\windows\system32\PerfStringBackup.INI
2019-02-15 17:47 - 2018-04-28 07:06 - 000411656 _____ C:\windows\system32\FNTCACHE.DAT
2019-02-15 17:46 - 2018-04-28 07:06 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-02-15 17:45 - 2018-10-06 22:38 - 000065536 _____ C:\windows\psp_storage.bin
2019-02-15 17:45 - 2018-04-11 22:04 - 000786432 _____ C:\windows\system32\config\BBI
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\windows\SysWOW64\F12
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\windows\system32\F12
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\TextInput
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\ShellExperiences
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\bcastdvr
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Defender
2019-02-15 17:24 - 2018-04-12 00:30 - 000000000 ____D C:\windows\CbsTemp
2019-02-15 09:52 - 2018-12-10 11:30 - 000000000 ____D C:\windows\system32\MRT
2019-02-15 09:48 - 2018-12-10 11:29 - 129330784 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-02-15 09:33 - 2018-12-05 10:57 - 000004562 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-15 08:37 - 2018-12-09 17:40 - 000000000 ____D C:\Program Files\rempl
2019-02-15 08:32 - 2018-12-05 10:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 08:32 - 2018-12-05 10:58 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-10 12:55 - 2018-12-05 12:20 - 000003376 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1572241333-3680237035-3324955502-1001
2019-02-10 12:55 - 2018-12-05 11:08 - 000000000 ___RD C:\Users\Káťa\OneDrive
2019-02-10 12:55 - 2018-12-05 10:24 - 000002395 _____ C:\Users\Káťa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-08 08:43 - 2018-10-06 22:54 - 000000000 ____D C:\ProgramData\Packages
2019-02-04 09:44 - 2018-12-05 10:26 - 000000000 ____D C:\Users\Káťa\AppData\Local\Packages
2019-02-02 23:53 - 2018-12-10 22:10 - 000835480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-02-02 23:53 - 2018-12-10 22:10 - 000179600 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\dllhost.exe => File is digitally signed
C:\windows\SysWOW64\dllhost.exe => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-28 07:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Káťa (23-02-2019 11:38:24)
Running from C:\Users\Káťa\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-12-05 06:39:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1572241333-3680237035-3324955502-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1572241333-3680237035-3324955502-503 - Limited - Disabled)
Guest (S-1-5-21-1572241333-3680237035-3324955502-501 - Limited - Disabled)
Káťa (S-1-5-21-1572241333-3680237035-3324955502-1001 - Administrator - Enabled) => C:\Users\Káťa
WDAGUtilityAccount (S-1-5-21-1572241333-3680237035-3324955502-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.11.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{4E100CB6-9312-48BC-9DC0-4F4D5C338449}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31241 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8544 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.113 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.69 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\windows\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-04-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A26421A-81F2-44F9-ABFD-E6F4EBBACF4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {0C541767-CA33-412E-BE46-83735AA2FD03} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {1D58BF89-4020-4C2B-B7D8-CCEC133439DA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1E02C25D-0BF6-4813-95FF-D815039C295C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {23CBAED1-8C15-4317-A8A5-8A1EDFB644DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {276EA9C2-5D11-482D-9BDC-C4A7ED3BB5E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {32F248C4-13F1-4498-B51F-1CB1AEA4D1F0} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {385A03C1-8A15-4393-B355-142A942A1A7C} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (HP Inc. -> HP Inc.)
Task: {3F2D0252-4A6E-454B-8670-62979774EBE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {4D0703FE-437E-4FFC-9232-35E53FEE46A4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4F83790B-F67A-4C0B-953B-363347C967DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {6232658C-0205-484E-A700-6E38909788BF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {69B177B6-FB4C-4F2C-A1D8-9484D72E3364} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6CADA4BE-ABDB-4660-BD71-1A3EECB9B54D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {752A4CB5-B895-47A2-99F2-306BD5F80108} - System32\Tasks\HPCeeScheduleForKáťa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Inc.)
Task: {817815E2-4494-464D-8743-96DE7C3B73A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {92215D30-CC59-43FE-8566-9E5C137346E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9BE40D03-746A-4656-98EF-E825130CF003} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (HP Inc. -> HP Inc.)
Task: {9FA008BA-4CEF-4AA2-990B-2AD99A14D667} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {A3F28181-003B-4BA9-9200-EDD1355E2A8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe (HP Inc. -> HP Inc.)
Task: {DAAF64C4-A808-46C2-AF10-1CA09DEF0E4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {DFE0A551-FA78-4309-9189-EA6209FE4047} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E30896C0-805E-464C-AD6B-8AD4AAB91177} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
Task: {EC147115-1283-4C5C-9F57-5A299F51F55C} - System32\Tasks\StartCN => c:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {ED2C073B-FD79-437F-8F15-A001686EA31D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HPCeeScheduleForKáťa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-05 12:39 - 2018-12-05 12:39 - 000016896 _____ () C:\Program Files\KMSpico\WinDivert.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-13 11:41 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-12-15 20:17 - 2017-12-15 20:17 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-02-15 08:31 - 2019-02-13 06:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-15 08:31 - 2019-02-13 06:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2019-02-15 09:30 - 2019-02-06 03:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 17:48 - 2019-01-31 17:48 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2019-01-17 15:11 - 2019-01-17 15:12 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2019-02-12 18:24 - 2019-02-12 18:24 - 008562688 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1901.311.0_x64__8wekyb3d8bbwe\OneConnect.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.17.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CF466E2D-5369-4CB1-BF0C-027DBD5FF8BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADCCCD04-44F2-49D6-870C-E9EA9C1B7C8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FED2B69-D117-4281-B4D1-C82BA139DDB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FDF0E60-58B7-4A4F-9922-AFFEBB966E19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5A82183B-9F3A-4B84-9C8D-3184CBF8539D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{39FD399D-688D-4E5E-9DE8-973A1E91B432}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11231.20174.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4F0DCB34-FDA6-4521-B6F2-27669C8558B1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{297F15ED-D515-4EF5-B5DC-C645682409E7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

==================== Restore Points =========================

08-02-2019 20:40:59 Instalační služba modulů systému Windows
15-02-2019 08:33:16 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2019 10:08:11 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.IO.IOException: Proces nemůže přistupovat k souboru C:\Windows\Temp\signtool.exe, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecove....

Error: (02/22/2019 06:31:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8657

Error: (02/22/2019 06:31:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8657

Error: (02/22/2019 06:31:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2019 06:31:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1922

Error: (02/22/2019 06:31:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1922

Error: (02/22/2019 06:31:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2019 04:36:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9109


System errors:
=============
Error: (02/23/2019 10:42:03 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Nelze spustit server DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. Došlo k chybě:
5
při provádění příkazu:
C:\windows\system32\SppExtComObj.exe -Embedding

Error: (02/23/2019 10:32:03 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Nelze spustit server DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. Došlo k chybě:
5
při provádění příkazu:
C:\windows\system32\SppExtComObj.exe -Embedding

Error: (02/23/2019 10:12:12 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-OJK0R611)
Description: Server {355822FC-86F1-4BE8-B5F0-A33736789641} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/23/2019 10:11:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/22/2019 09:54:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/21/2019 11:08:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/20/2019 10:16:12 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-OJK0R611)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-OJK0R611\Káťa (SID: S-1-5-21-1572241333-3680237035-3324955502-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/20/2019 10:15:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-02-23 10:43:21.807
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\NETWORK SERVICE
Název procesu: C:\Windows\System32\svchost.exe
Verze podpisu: AV: 1.287.594.0, AS: 1.287.594.0, NIS: 1.287.594.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-23 10:42:04.186
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\NETWORK SERVICE
Název procesu: C:\Windows\System32\svchost.exe
Verze podpisu: AV: 1.287.594.0, AS: 1.287.594.0, NIS: 1.287.594.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-23 10:41:57.530
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\KMSpico\Service_KMS.exe
Verze podpisu: AV: 1.287.594.0, AS: 1.287.594.0, NIS: 1.287.594.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-23 10:41:56.725
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\KMSpico\Service_KMS.exe
Verze podpisu: AV: 1.287.594.0, AS: 1.287.594.0, NIS: 1.287.594.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-23 10:33:36.027
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\NETWORK SERVICE
Název procesu: C:\Windows\System32\svchost.exe
Verze podpisu: AV: 1.287.594.0, AS: 1.287.594.0, NIS: 1.287.594.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-15 08:45:50.173
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.285.1418.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.8
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2019-02-23 11:38:18.585
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 11:38:18.583
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 11:23:02.611
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 11:23:02.609
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 10:53:03.045
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 10:53:03.043
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 10:28:34.893
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 10:28:34.891
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD E2-9000e RADEON R2, 4 COMPUTE CORES 2C+2G
Percentage of memory in use: 68%
Total physical RAM: 3981.68 MB
Available physical RAM: 1251.26 MB
Total Virtual: 5421.43 MB
Available Virtual: 2072.32 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.58 GB) (Free:345.04 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.94 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{302fff6d-74bb-469d-b2db-218953e3b4aa}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.53 GB) NTFS
\\?\Volume{38e2630b-f6b3-4766-b35b-d14e13d18c8b}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7BC58E7F)

Partition: GPT.

==================== End of Addition.txt ============================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Preventive check

#6 Post by Diallix »

Copy the content below into Notepad:


CloseProcesses:
CreateRestorePoint:

C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Bonjour
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe" 
SearchScopes: HKLM -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
FirewallRules: [{CF466E2D-5369-4CB1-BF0C-027DBD5FF8BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADCCCD04-44F2-49D6-870C-E9EA9C1B7C8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FED2B69-D117-4281-B4D1-C82BA139DDB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FDF0E60-58B7-4A4F-9922-AFFEBB966E19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer will reboot. After the reboot, paste here the content of the log fixlog.txt, saved in the FRST location.
My new book BOTNETY has been published! Information about it can be found here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++,c#,php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Stick
Visitor
Posts: 78
Registered: 05 Dec 2006 19:17

Re: Preventive check

#7 Post by Stick »

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Káťa (23-02-2019 16:03:51) Run:1
Running from C:\Users\Káťa\Desktop
Loaded Profiles: Káťa (Available Profiles: Káťa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Bonjour
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
SearchScopes: HKLM -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
FirewallRules: [{CF466E2D-5369-4CB1-BF0C-027DBD5FF8BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADCCCD04-44F2-49D6-870C-E9EA9C1B7C8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FED2B69-D117-4281-B4D1-C82BA139DDB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FDF0E60-58B7-4A4F-9922-AFFEBB966E19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Program Files\KMSpico\Service_KMS.exe => moved successfully
C:\Program Files\KMSpico => moved successfully
C:\Program Files\Bonjour\mDNSResponder.exe => moved successfully
C:\Program Files\Bonjour => moved successfully
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} => removed successfully
HKLM\Software\Classes\CLSID\{9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} => not found
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} => removed successfully
HKLM\Software\Classes\CLSID\{9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => removed successfully
HKLM\Software\Classes\CLSID\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => not found
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => removed successfully
HKLM\Software\Classes\CLSID\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => not found
HKLM\System\CurrentControlSet\Services\H2OFFT => removed successfully
H2OFFT => service removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF466E2D-5369-4CB1-BF0C-027DBD5FF8BF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADCCCD04-44F2-49D6-870C-E9EA9C1B7C8B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FED2B69-D117-4281-B4D1-C82BA139DDB7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FDF0E60-58B7-4A4F-9922-AFFEBB966E19}" => removed successfully


The system needed a reboot.

==== End of Fixlog 16:05:19 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Preventive check

#8 Post by Diallix »

How is the computer doing?